A new type of phishing attack

Philondra
Legendary
Posts:3216
Joined:13 Sep 2007, 17:14
Location:Tokyo, Japan

Post by Philondra » 25 May 2010, 11:58

Is it just me, or does this seem like it is scarily effective? Or am I just that horrible at computers that I could see myself getting fooled by this? Paging Cart!

http://www.azarask.in/blog/post/a-new-t ... ng-attack/

midi
Legendary
Posts:3592
Joined:14 Nov 2007, 12:10
Location:Midget say what?

Re: A new type of phishing attack

Post by midi » 25 May 2010, 12:05

That's an interesting piece of social engineering there.
¯\_(ツ)_/¯ soak rifts or riot ¯\_(ツ)_/¯

Cartollomew
I has a monocle (Site Admin)
Posts:8805
Joined:22 Aug 2006, 12:11
Location:Perth

Re: A new type of phishing attack

Post by Cartollomew » 25 May 2010, 12:52

Very clever, and yes, potentially very effective.

One possible preventative measure (alluded to in the article) is to use an account manager ("save my login details"), which is less of a security risk than you might think, but obviously not always an option (on computers you share for example, or certain sites - like bnet or banking - you can't use account managers).

From a technical viewpoint, browsers could mitigate the issue by disallowing a change of favicon - Opera already does this (though I suspect more through not implementing it than preventing it), but that's only really half a solution, since a page could load with the gmail icon and the trick would still be effective.

Nah, I think this is a genuinely worrying technique, and deceptively primitive and simple to enact - I can see myself being fooled by this as well, particularly since I often have in excess of 30 tabs open at a time.

Hmm.
Who do you think you are? If you'd stopped winning, you could have been the Biggest Loser, if you gave up, you could have been a Survivor, if you'd stopped reading Orwell, you could have been on Big Brother!
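
The account-manager defence mentioned in the post above works because saved logins are matched to the page's origin, not to how the tab looks. This is an added example, not part of the original thread or the linked article; the vault contents, tab objects and function names are all hypothetical.

```javascript
// Added illustration; every name and sample value here is constructed.
// Saved logins are keyed by exact origin (scheme + host + port).
const vault = new Map([
  ["https://mail.google.com", { user: "alice@example.com" }],
]);

// Reduce a page URL to its origin. Anything unparsable or not HTTPS gets null.
function originOf(pageUrl) {
  try {
    const u = new URL(pageUrl);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null;
  }
}

// Decide whether to offer autofill. tab.title and tab.favicon are deliberately
// never read: a page controls both, so they prove nothing about identity.
function autofillDecision(tab) {
  const origin = originOf(tab.url);
  if (origin === null) return { fill: false, reason: "not an https origin" };
  const entry = vault.get(origin);
  if (!entry) return { fill: false, reason: "no login saved for " + origin };
  return { fill: true, user: entry.user };
}

// Constructed tabs that all present the same title and icon.
const gmailLook = { title: "Gmail: Email from Google", favicon: "gmail.ico" };
const tabs = [
  { url: "https://mail.google.com/mail/u/0/", ...gmailLook },
  { url: "HTTPS://MAIL.GOOGLE.COM:443/", ...gmailLook }, // same origin once normalised
  { url: "https://mail.google.com.signin.example/", ...gmailLook }, // lookalike host
  { url: "http://mail.google.com/", ...gmailLook }, // wrong scheme
  { url: "https://blog.example/post/42", ...gmailLook }, // unrelated page, swapped look
];

// Pair each tab URL with the decision made for it.
function report() {
  return tabs.map((t) => ({ url: t.url, ...autofillDecision(t) }));
}

console.log(report());
```

A login form that the manager declines to fill on a tab that looks familiar is the cue to check the address bar before typing anything.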

Dropdeadqt
Legendary
Posts:4895
Joined:05 Nov 2007, 01:27
Location:Brisbane

Re: A new type of phishing attack

Post by Dropdeadqt » 25 May 2010, 13:44

NoScript doesn't allow it to work =).

Lellybaby
Legendary
Posts:3031
Joined:07 Oct 2007, 09:53
Location:Brisbane, Australia

Re: A new type of phishing attack

Post by Lellybaby » 25 May 2010, 14:05

Noraneko wrote: NoScript doesn't allow it to work =).
Best addon I ever got

Juke a DK/Warrior, Die Anyway ._.

Cartollomew
I has a monocle (Site Admin)
Posts:8805
Joined:22 Aug 2006, 12:11
Location:Perth

Re: A new type of phishing attack

Post by Cartollomew » 25 May 2010, 15:23

Noraneko wrote: NoScript doesn't allow it half the web to work =).

...but it is very good if you want to be sure you'll be safe.

Ultimately though, issues like this (and clickjacking, which NS also protects against) are a result of web policy problems - ones that need to be prevented rather than fixing the symptoms.

So, you know, we can stop worrying about them in 5-10 years when we have "braintheft" or "bloodloggers" or something to worry about...

Dropdeadqt
Legendary
Posts:4895
Joined:05 Nov 2007, 01:27
Location:Brisbane

Re: A new type of phishing attack

Post by Dropdeadqt » 25 May 2010, 15:38

I'd say it's probably closer to 80% of the web... but that's just my "professional" opinion.

Mitra
Legendary
Posts:2002
Joined:22 Aug 2006, 14:11
Location:Perth W.A.

Re: A new type of phishing attack

Post by Mitra » 25 May 2010, 16:10

is braintheft a thoughtcrime?
"Life is no Nintendo game / But you lied again / Now you get to watch her leave / Out the window / Guess that's why they call it window pane" -Eminem 'Love the way you lie' - Award for Excellence in Puns in the medium of Rap 2010

Cartollomew
I has a monocle (Site Admin)
Posts:8805
Joined:22 Aug 2006, 12:11
Location:Perth

Re: A new type of phishing attack

Post by Cartollomew » 25 May 2010, 16:42

Mitra wrote: is braintheft a thoughtcrime?
Only if it's premeditated...

Mitra
Legendary
Posts:2002
Joined:22 Aug 2006, 14:11
Location:Perth W.A.

Re: A new type of phishing attack

Post by Mitra » 25 May 2010, 16:44

*groan*

:lol: :lol:
