Phishing Toolbars — The One That Works

Last week I wrote in my WSJ.com/AWSJ column (sub required) about the cross site scripting phish I received a few weeks ago (it appeared late because of the Easter holiday). The point I made in the column is that most of the browser toolbars designed to prevent phishing failed to warn the user of the …

Putting Phishers In The Banking Frame

Phishers are smart, and banks are dumb. At least, it seems that way. Here’s another example of what’s called a cross site scripting vulnerability attack, which basically lures the victim to what seems, both in the phishing email and in the website it links to, to be a genuine website belonging to Charter One Bank. …

Bicycle Bandits And Phishing

Further to my post about the phishing incident at SunTrust, you don’t always need to be that sophisticated to rob a bank. All you need is a bicycle. Late last month, the Richmond Times-Dispatch in Virginia reported that a man entered the SunTrust bank in Richmond “shortly before 11 a.m. and made a verbal demand …

The Phishing War Escalates

The guys at Netcraft, a British security consultancy that has done a good job of tracking, exploring and warning about phishing, say they’ve come across the first case of cross site scripting being used in the wild for phishing purposes. This isn’t as arcane as it sounds, since it allows phishers to make their lure …

TRUSTe’s Own Phishing Hole

We all know about phishing websites that look like real banking sites. Usually, to the informed layperson, there’s something in the site to inform the wary that it’s not kosher. But what happens when there’s something in the site that confirms that it is kosher? First some background: TRUSTe is an independent body whose “services …

How To Phish Google

I’ve long believed that phishing emails are just the beginning of a new kind of fraud which is likely to be sophisticated and fast moving. Here’s an example of what they might look like, courtesy of a British computer scientist called Jim Ley, written up at the security website Netcraft. Ley, Netcraft says, “has demonstrated …
