Phishing attacks continue to grow at a rapid rate and are used mainly for identity fraud. Unfortunately these attacks are a lot easier to carry out.
TrendLabs report that a new tool by the name “Super Phisher” has been detected:
The tool creates all the files necessary for the Phishing page such as an .HTML file that contains the actual page, and a .PHP file, which steals information and saves the stolen data to a .TXT file. In the screenshot below, note how the HTML page’s code refers to the local .PHP file and not the legitimate site (in this case, Yahoo!).
How to detect a Phishing site? Many of these sites look exactly the same as the legitimate site. What you need to check is the URL. This tool can’t hide the fact that the site is hosted on an URL that doesn’t seem quite right.
Always check the URL. If it looks suspicious, it’s better not to click on the link or – if you already did that – to just close the page.
Trend Micro™ Smart Protection Network™ detects Malware such as HKTL_SUPERPHISER using the file reputation service and protects users from accessing malicious sites via the Web reputation service.
If you want more protection, try downloading the WOT (Web of Trust) add-on for Firefox and IE. To learn more about WOT, please visit mywot.com.
I’ve heard about phishing attacks but I didn’t really know about the URL! At least now I know, thanks to you.
Andrew,
There’s many ways to prevent being attacked, but the best way is common sense.
Hey I heard about htis but dint know what exactly this is…Thanks to you know that you not only clear wht it is but also that how to take care of it…
I always receive this kinds of phishing email to m inbox. Sometime many try to phis even the Paypal links too.
Thanks for sharing this article.
As has been said, the main defence is common sense, just think before you click and ill in information, people get into data entry mode when on pc’s and tend to give away far too much information.
This news is scary specially I have a paypal account. I would like to have software to prevent this phishing activity. Thanks for the info, I really appreciate it.