Phishing Exposed

Summary

We explored three types of targets that lead to potential vulnerabilities for cross-user attacks:

  • Redirects

  • Reflective queries

  • Mis-configured error pages

Cross-Site scripting or CSS for short, is an intricate attack that utilizes the servers poorly implemented environment, be it web code or HTTP server vulnerabilities, to attack the user. This is performed in many variants, but the basic concept is when injection of un-trusted code within a trusted origin is utilized to attack the User-Agent. Phishers can use this attack by bulk-mailing a poisonous link that contains the trusted origin accompanied with a disguised attack payload.

Phishers arm themselves with a boundless arsenal against their victims in an effort to gain privy information and increase their profits. Cross-user attacks, including but not limited to CSS, at this time, have been an underestimated threat in regards to phishing attacks, but unfortunately phishers have employed these techniques in the past and will take ample opportunity to exploit them in the near future. The appropriate defense against this is to arm yourselves with the knowledge of HTTP, proper coding practice including input validation, and auditing skills so that you may locate these vulnerabilities within your own sites.

Consumer Mis-education is the practice of legitimate commercial emails being delivered to the company s customers in a manner that only inhibits phishing defenses. These emails tend to confuse the customer, and do not follow good practices when communicating with their customers. Many of these legitimate emails are a prime target for phishers to induce a...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Network Security Services
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.