Chromeless Phish

When I built the visual spoofing demo, I could have done it in several ways including chromeless window but I went for the simplest way.  It turns out that some smart phisher recently launched a chromeless window-based phishing attack.  Following is screenshot of the browser window showing the phishing site which was still active at 11:51AM.

The webpage and the URL portion of the addressbar is fake.  What's happening is that the phishing site opened a chromeless window to overlay the fake URL over the real address which can be discerned by dragging another window over.  It's using a IE 5.5 specific feature to float the fake URL over everything.  The interesting thing about this trick is that it can potentially defeat many phishmark implementations such as my own 9-block phishmarkPassMark and background-based phishmarks are still effective though.

Advertisements