Re: [Declude.JunkMail] New Phishing Scheme

[Darin Cox]

Yep...it's been around a while... we first saw it July of last year with a US Bank phishing attempt.  It only affected IE... and only when no other toolbars were installed.  Firefox was not vulnerable to it.   It was quite surprising, as it uses DHTML to place a div over the URL window if the window is at the default offset from the main window... surprising that IE allowed that... Darin.     ----- Original Message ----- From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Saturday, March 12, 2005 5:27 PM Subject: [Declude.JunkMail] New Phishing Scheme Hi, All-   Somebody has figured out how to use _javascript_ to make a link look correct on the page, and in the status window when you mouse over the link, while actually sending you to a phish site. So it is no longer sufficient to check the status window, you actually have to look at the page source to figure out whether a link goes where it says.   Maybe some of you have already seen this technique, but it's the first time I have seen it in my inbox. I was waiting for this to happen, and I'm a little surprised that I haven't seen it before.  It's actually pretty simple to do.   Since there are probably lurkers here, I'll be happy to share the code OL with people I know if you want to see how it's done. If the weight of opinion here is to share the code openly, I will be happy do so.   -Dave Doherty  Skywaves, Inc.  301-652-8822 x209