A new phishing trick; cool, in a nefarious way: The phisher pops a window that uses Javascript to hide your real address toolbar, then adds a fake tool bar with a graphic and DHTML coding, matching your browser, that looks like the original address toolbar, with a fake but usable URL field in it, which is stocked with the address of the legit site the phisher is masqueraded as. So the actual phisher site address is completely hidden, and it looks like you're at the legit site. Nasty. There's the real phish at the bottom, in the quoted passage (sorry, original headers lost, so I don't know who the initial writer was) which you probably don't want to go to. Immediately below is an example of how it works on a safe page: http://ip.securescience.net/exploits/ You have to have popup-blockers turned off for it to work. The safe test version above only seems to fake IE6/Win address bars, but it does so successfully in Firefox and Safari on the Mac. I don't think it would fool that many Mac people but the fakery is pretty impressive with IE on WinXP, and as noted above, the live phish is claimed to be more sophisticated in its mimickry.
This is a heads up. Below you'll find a new and sophisticated Paypal scam.
It uses a google redirector to mask where it goes, but that is certainly not the advanced stuff :-)
The complete URL is: http://www.google.pt/url?sa=U&start=4&q=http://dns1.n- kiso.co.jp/.checking/. www.paypal.com/index.php
Which goes to: http://dns1.n-kiso.co.jp/.checking/.www.paypal.com/index.php
When the link "Click here to go to our main page "
It will open a javascript: "java script: Start('sysdll.Php')"
When opened it will construct the fraudulent website according to your default browser.
I've tested with:
- Firefox - Internet Explorer - Opera
All latest versions with all relevant patches.
The fake adressbar used may trick someone into thinking that they are actually on https://www.paypal.com. Watch and observe. This is indeed tricky done.
Although - some popup blockers should block this I would think. The trick is similar to http://ip.securescience.net/exploits/ so it creates an address bar using a pop-up controller and you just draw the image of the address bar. This is one of the first ones I've seen that has been done quite a bit better than the other ones that have attempted it. Their aim was off so it looked terrible.
------------------------------------- You are subscribed as eugen@leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]