Phishing emails go formal

Posted on August 04th, 2005

New method hides the true web address.

Researchers have discovered a new method used by criminals to hide the location of phishing websites in email messages.

The technique uses a form that sends the users to phishing websites after they have pushed a button. Traditionally phishers employ a link in the body of the email message, security watchdog, the SANS Internet Storm Centre has warned.

Forms are commonly used by websites to allow users to send information back to the sites, for instance to enter user names and passwords for log ins.

A phishing email tries to lure the recipient to a website that the message claims is from a trusted organisation like a bank or credit card company. The aim of the message is to steal confidential information such as login names and passwords.

A commonly used method claims that a bank’s computer system has been hit by an outage and that users need to re-enter their information to re-activate their accounts. The email provides a link that leads to a forged website that resembles the bank’s official site.

Although regular HTML allows phishers to hide the true location of the link to a certain degree, many email clients show the true address in the bottom of the window when a users holds his mouse over the message.

The new method allows the criminal to hide the true location of the website to the recipients, increasing the chance that they will believe the message is genuine and fall for the scam.

By Tom Sanders – VNUnet