Tag Archives: cross site

Phishing Toolbars — The One That Works

By | April 3, 2005

Last week I wrote in my WSJ.com/AWSJ column (sub required) about the cross site scripting phish I received a few weeks ago (it appeared late because of the Easter holiday). The point I made in the column is that most of the browser toolbars designed to prevent phishing failed to warn the user of the attack. Some readers…

Putting Phishers In The Banking Frame

By | March 16, 2005

Phishers are smart, and banks are dumb. At least, it seems that way. Here’s another example of what’s called a cross site scripting vulnerability attack, which basically lures the victim to what seems, both in the phishing email and in the website it links to, to be a genuine website belonging to Charter One Bank. My phishing guru…

Bicycle Bandits And Phishing

By | December 7, 2004

Further to my post about the phishing incident at SunTrust, you don’t always need to be that sophisticated to rob a bank. All you need is a bicycle. Late last month, the Richmond Times-Dispatch in Virginia reported that a man entered the SunTrust bank in Richmond “shortly before 11 a.m. and made a verbal demand for money. He…

The Phishing War Escalates

By | December 7, 2004

The guys at Netcraft, a British security consultancy that has done a good job of tracking, exploring and warning about phishing, say they’ve come across the first case of cross site scripting being used in the wild for phishing purposes. This isn’t as arcane as it sounds, since it allows phishers to make their lure appear to even…

TRUSTe’s Own Phishing Hole

By | November 10, 2004

We all know about phishing websites that look like real banking sites. Usually, to the informed layperson, there’s something in the site to inform the wary that it’s not kosher. But what happens when there’s something in the site that confirms that it is kosher? First some background: TRUSTe is an independent body whose “services support online business…