Help
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Quote
September 22, 2005
New Phish Deceives With Phony Certificates
By Gregg Keizer
A new, advanced form a phishing dubbed "secured phishing" because it relies on self-signed digital certificates, can easily fool all but the most cautious consumers, a security firm warned Thursday...
The new phish blends traditional elements with the new twist of a self-signed digital certificate, said Larson. It starts the same as most phishing attacks, with spammed e-mails urging recipients to click on a link to update a financial account. The destination is a spoofed version of a real site which requests the consumer enter his or her username and password to verify the information (supposedly because unauthorized access has been detected from an overseas IP address)...But this campaign goes above and beyond the typical. The spoofed site uses the HTTPS protocol so that the browser shows the standard "lock" icon designating a secure site...
New Phish Deceives With Phony Certificates
By Gregg Keizer
A new, advanced form a phishing dubbed "secured phishing" because it relies on self-signed digital certificates, can easily fool all but the most cautious consumers, a security firm warned Thursday...
The new phish blends traditional elements with the new twist of a self-signed digital certificate, said Larson. It starts the same as most phishing attacks, with spammed e-mails urging recipients to click on a link to update a financial account. The destination is a spoofed version of a real site which requests the consumer enter his or her username and password to verify the information (supposedly because unauthorized access has been detected from an overseas IP address)...But this campaign goes above and beyond the typical. The spoofed site uses the HTTPS protocol so that the browser shows the standard "lock" icon designating a secure site...
securitypipeline.com/news
Back to top
