Flash Phishing

• GSL

  4 Jan 07, 17:23

  We've now seen several phishing web sites that are using flash-based content instead of normal HTML. Probably the main to reason to do this is to try to avoid phishing toolbars that analyze page content.
  
  Two recent examples, both targeting PayPal: www.ppal-form-ssl.com and www.welcome-ppl.com.
  
  These sites look like the real PayPal front page, but they are actually Flash recreations.
  
  
  
  When you type in login information, the SWF file displays a new page, asking for your credit card information.
  
  
• ndmmxiaomayi

  4 Jan 07, 18:26

  Both websites have been reported and brought down.
  
  Another form of phishing is what I've said about when someone asked about hacking, man-in-the-middle attacks. It has hit Amazon. It's being blogged. A screenshot can be seen at the blog.
  
  The last form is based on scripting, making use of the POST method.
  
  Looking at the codes, it doesn't look too harmless, everything is nearly the same as Paypal, except for one thing:
  
  

  code:

  
  
  All to Bravenet, a webhosting company. This user is using a free email form from Bravenet.
  
  Although it has other codes pointing to the legitimate Paypal, the codes that would actually work is this POST method.
  
  Don't need to care about the hidden thingy, Bravenet uses this to limit the people who uses their services for free.
  
  Full source