Phishers are smart, and banks are dumb. At least, it seems that way. Here’s another example of what is usually filed under cross-site scripting (strictly, it is a frame injection): the phishing email links to what looks, both in the email and in the browser, like a genuine page on Charter One Bank’s own site.
My phishing guru Daniel McNamara explains that the long URL, which begins with a legitimate-looking http://www.charterone.com and has none of the usual second, hidden URL further along it, actually passes the address of a frame to the bank’s page, which “effectively allows the phishers to load a frame containing their site within the real charterone site”. The phishers’ frame therefore appears in the browser inside the legitimate page http://www.charterone.com/legalcenter/do_not_solicit_confirm.asp , while the address bar shows the bank’s own domain. It looks like this:
I’m going to run this by Charter One to see what they have to say about it, but as Daniel points out, “It’s a pretty bad failing. A fairly common one, unfortunately.”
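To make the failing concrete, here is an added example (mine, not the bank’s code or anything Daniel supplied) of the pattern described above: a page that takes a URL from its own query string and loads it in a frame, beside a hardened version that only frames paths on its own site. The parameter name `target`, the host `phisher.example`, the allowed-path list and the sample link are all assumptions constructed for the demo.

```python
"""Frame injection: vulnerable page that frames whatever its query string says,
beside a hardened version that only frames allowlisted same-site paths.
Added example, not the bank's code. The parameter name 'target', the
allowlist and the phishing link below are constructed assumptions."""
import html
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed allowlist of pages the confirmation page is permitted to frame.
ALLOWED_PATHS = {"/legalcenter/do_not_solicit.asp", "/legalcenter/privacy.asp"}
DEFAULT_PATH = "/legalcenter/do_not_solicit.asp"


def frame_page_vulnerable(target: str) -> str:
    """Echo the requested target straight into a frame. Anything the phisher
    puts in the query string, including a full URL to their own server, is
    framed inside the bank's page and under the bank's address bar."""
    return f'<frameset rows="*"><frame src="{target}"></frameset>'


def resolve_target(target: str):
    """Return a safe same-site path for `target`, or None if it must be rejected.

    Rejects anything carrying a scheme or host (http://evil, //evil,
    javascript:...), anything that is not an absolute path, backslashes
    (some browsers treat them as slashes), and any path not on the allowlist.
    """
    candidate = unquote(target)          # normalise one layer of %-encoding
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:      # absolute or protocol-relative URL
        return None
    path = parts.path
    if not path.startswith("/") or "\\" in path:
        return None
    if path not in ALLOWED_PATHS:         # allowlist beats blocklisting tricks
        return None
    return path


def frame_page_hardened(target: str) -> str:
    """Frame only an allowlisted same-site path, HTML-escaped, else a default."""
    path = resolve_target(target)
    if path is None:
        path = DEFAULT_PATH
    return f'<frameset rows="*"><frame src="{html.escape(path, quote=True)}"></frameset>'


def frame_target_from_url(url: str, param: str = "target"):
    """Pull the frame target out of a full request URL (demo helper)."""
    values = parse_qs(urlsplit(url).query).get(param)
    return values[0] if values else None


# Constructed phishing-style link: the visible part is the bank's own domain,
# the query string carries the phisher's page. Parameter name is assumed.
PHISH_URL = ("http://www.charterone.com/legalcenter/do_not_solicit_confirm.asp"
             "?target=http%3A%2F%2Fphisher.example%2Flogin.html")

if __name__ == "__main__":
    t = frame_target_from_url(PHISH_URL)
    print("vulnerable:", frame_page_vulnerable(t))
    print("hardened:  ", frame_page_hardened(t))
```

Two points worth noting. First, the check is an allowlist of paths rather than a list of forbidden prefixes, because `//phisher.example/`, `%2F%2Fphisher.example`, `javascript:` and backslash variants are all ways a blocklist gets bypassed. Second, X-Frame-Options style headers do not help here: the bank’s page is the one doing the framing, so the fix has to be on the server that builds the frame (or, in modern browsers, a Content-Security-Policy `frame-src` directive restricting what the page may embed).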
After I contacted Charter One (well, their parent, Citizens Bank), the hole was plugged. They haven’t replied to my questions yet, however.