Phishing Exposed

Solutions Fast Track

Attack Vectors

  • Redirects that do not sanitize external CRLF requests

  • Queries that reflect evaluated script code

  • Proprietary 404 pages that reflect evaluated script code

Avoid Consumer Mis-education

  • Do not request personal information updates from your customers via email

  • Do not send emails in a similar manner that phishing emails are sent

  • Do not use click here links

  • Do not link to third party sites

  • Protect your website from vulnerabilities that enable phishing threats

Redirects

  • Unfiltered redirects can and will be problematic when phishers footprint your company hosted domain.

  • Many redirects are vulnerable to header injection and HTTP response splitting attacks, enabling cross-site scripting against the User-Agent.

  • Implement proper filtering and audit the filtering by running fuzzy tests against your site.

Queries

  • Unfiltered queries found in search engines, stock tickers, miscellaneous forms, and arbitrary queries that reflect user input can be used to launch cross-site scripting attacks.

  • Depending on the query, a combination of threats can exist including cross-site scripting, header injection and arbitrary redirects.

  • Filter out unnecessary characters such as <> and %0d%0a to assist in prevention of CSS.

404 Pages

  • Mis-configured 404 pages can be a serious threat to your online business as it enables phishers to construct malicious links in an arbitrary manner in order to gain misplaced trust with the user.

  • If at all possible, use well known web servers and their internal 404 page implementation. Servers like Apache and IIS implement proper filtering for 404 s and are safe to use.

  • Glorified or modified...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Network Security Services
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.