We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,721 News Articles

New style of phishing attack discovered

Hackers can now plant information on official websites

The rate of innovation in phishing has been underlined with the discovery of an attempt to hijack a website frame on a legitimate banking site.

The hack was revealed this week by UK security company Netcraft, which tracks such new forms of incursion using reports from its user community. The target in this instance was the online log-in of US-based Charter One Bank.

In contrast to established phishing techniques where whole pages are reproduced at bogus sites, the new "cross-frame" scripting approach is able to inject content on to a real web page, making it extremely difficult to detect.

Anybody visiting a website while prey to the attack – for example, following a phishing e-mail link – would be presented with what would look like the real website, in which had been planted a fake "account update" form.

An attack such as this would have to be directed at a specific bank website and wouldn’t necessarily be possible on all banking websites.

Nevertheless, the ability to carry out such an audacious attack gives some insight into the level of creativity now being employed by phishers.

According to the security blog of Dow Jones columnist Jeremy Wagstaff, the website hole is believed to have been fixed by the bank in recent days.


IDG UK Sites

Motorola Moto G2 release date, price and specs: Best budget smartphone gets upgrades

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

How to make an 'Apple iWatch' using an iPod nano and a 3D printer