Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

The Latest in Phish Hooks

5:15 PM -- It's a new year, and we're all making resolutions. I've resolved to lose weight. My editors have resolved to teach me how to write. And phishers have resolved to make their scams harder to detect than ever.

The folks at security vendor F-Secure report that they are now seeing phishing scams that use flash content, rather than HTML, to deliver recreations of real Websites. The flash pages look like the genuine article, but because they aren't written in HTML, they also escape detection by tools designed to seek out HTML fakes.

There are a couple of examples of the flash-based phishing pages on the F-Secure site here. Note how the flash login page looks exactly the same as usual -- the only difference is that it routes you to a new page to "verify" (i.e., retype) your login data, where the thieves nab it. Pretty tricky.

Separately, the folks over at, a security awareness site, are reporting a new "man-in-the-middle" attack that uses a real site as its launch point. An attacker sends users a fake email, telling them that some unauthorized activity on an account has been detected. The attacker then directs the user to log onto a real site, such as, but then requests additional information, such as date of birth, address, and Social Security number. Users might be logged into the genuine site, then lower their guard and give up personal information.

Castlecops spokespeople believe the new exploits may be the product of some "phishing kits" sold on the black market, which include logos and templates to fake the Web pages of popular banks or retail institutions.

The new exploits prove that 2007's phishing attacks will be more believable than ever. Even users who are wise to recent scams may fall for these new ones. However, some of them are detectable simply by checking an IP address, and others can be prevented through "captchas" that use a mixture of letters and numbers to differentiate automated systems from real users, Castlecops says.

The key is not to focus entirely on how the site looks, but to observe how it operates. If it asks you to put in additional information, beyond what you usually enter, be suspicious.

Maybe you'd better make that your new year's resolution. Anyway, it's easier to stick to than the South Beach diet.

— Tim Wilson, Site Editor, Dark Reading