Security News Hidden JavaScript Redirect Makes Phishing Pages Harder to Detect

Alkajak

Thread author
Hovering links to see their true location may be a useless security tip in the near future if phishers get smart about their mode of operation and follow the example of a recent crook that managed to bypass this browser built-in security feature.

Usually, phishing emails contain links that redirect users to Web pages crafted to look like the real service they're imitating.

Users have always been instructed to hover links in the emails they receive or the buttons on a suspicious page to detect if any of the links lead them back to a trusted domain, or just a look-alike URL.

New phishing trick uses JavaScript to hijack the user's clicked links
A UK-based security researcher known by @dvk01uk, owner of the My Online Security blog, has come across a new phishing trick.

He says he spotted a phishing email that contained an HTML page attachment. When he opened the page in his browser, the page loaded using a local client-side URL, but this wasn't what caught his eye.

Hovering the "Submit" button showed an authentic PayPal URL, which made no sense. Why would a phisher go through all this effort to deliver a non-functional page that delivered phished credentials to the real PayPal website?

He found his answer in the JavaScript files loaded by this phishing email, which contained code that hijacked user clicks.

The malicious JS code was set to replace any requests to paypal.com with the malicious phishing URL, right after the user clicked the link. Hovering the URL would not do anything, and the browser showed the correct PayPal link.

Close, but no cigar
The attacker's only mistake was to provide this HTML file as a downloadable page, something that should ring thousands of alarm bells with any user, since Web services never provide you a copy of their Web pages, but ask you to visit their sites.

"Now if the phishers were intelligent enough to put this on a website with a half believable URL, something like http://paypalnew.com which was used in a series of Phishing attacks yesterday, we would be in trouble, because users wouldn’t realise that they were giving their details to a phisher," My Online Security writes.

Unfortunately, if you can't read JavaScript code, you will have a hard time recognizing this phishing trick if it ever gets implemented by a more apt cyber-crook.

Below is an image of the phishing page that opened in the user's browser from a local URL. Notice the address bar URL.

[Image: hidden-javascript-redirect-makes-phishing-pages-harder-to-detect-505295-3.png]


Full Article: Hidden JavaScript Redirect Makes Phishing Pages Harder to Detect
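The click-time rewrite the article describes can be spotted before anyone hovers a link, by triaging the HTML attachment itself. The following is an added example, not code from the article, Softpedia or My Online Security: a Node.js heuristic scanner that flags an HTML file whose hover targets point at a trusted brand while a script rewrites the link or form destination inside a click handler. The brand list, the sample attachment and the `.invalid` placeholder domain are constructed for this demonstration, and the regexes are triage heuristics, not an HTML or JavaScript parser.

```javascript
// Added example: triage heuristic for HTML email attachments that flags a
// hover target (href/action) pointing at a trusted brand combined with a
// script that changes the destination at click time. Pure string scanning,
// so it runs under Node without a DOM. Brands and sample page are constructed.

const TRUSTED_BRANDS = ['paypal.com']; // assumption: brands the mail claims to be from

// Hostname of an absolute http(s) URL, or null if it does not parse.
function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

function isBrandHost(host) {
  return host !== null &&
    TRUSTED_BRANDS.some(b => host === b || host.endsWith('.' + b));
}

// Every href/action a user could see by hovering a link or submitting a form.
function extractLinkTargets(html) {
  const targets = [];
  const re = /<(a|form)\b[^>]*?\b(href|action)\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    targets.push({ tag: m[1].toLowerCase(), url: m[3] });
  }
  return targets;
}

// Script patterns: a click hook, and an assignment that changes where a
// click actually goes (anchor href, form action, or window.location).
const CLICK_HOOK = /(\bonclick\s*=|addEventListener\s*\(\s*["']click["'])/i;
const DEST_REWRITE = /(\.href\s*=[^=]|\.action\s*=[^=]|\blocation(\.href)?\s*=[^=]|location\.(assign|replace)\s*\()/i;

function triageHtmlAttachment(html) {
  const findings = [];

  const brandLinks = extractLinkTargets(html).filter(t => isBrandHost(hostOf(t.url)));
  if (brandLinks.length) {
    findings.push(`hover targets point at a trusted brand: ${brandLinks.map(t => t.url).join(', ')}`);
  }

  // Gather inline <script> bodies and on*="..." attributes as one code blob.
  const scripts = [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)].map(m => m[1]);
  const handlers = [...html.matchAll(/\bon\w+\s*=\s*["'][^"']*["']/gi)].map(m => m[0]);
  const code = [...scripts, ...handlers].join('\n');

  const rewritesOnClick = CLICK_HOOK.test(code) && DEST_REWRITE.test(code);
  if (rewritesOnClick) {
    findings.push('script rewrites link/form destination inside a click handler');
  }

  // Destinations named only in script, i.e. never visible on hover.
  const scriptUrls = [...code.matchAll(/https?:\/\/[^\s"'<>)]+/gi)].map(m => m[0]);
  const foreign = [...new Set(scriptUrls.filter(u => !isBrandHost(hostOf(u))))];
  if (foreign.length) {
    findings.push(`script references non-brand destination(s): ${foreign.join(', ')}`);
  }

  const verdict = brandLinks.length && rewritesOnClick
    ? 'suspicious: hover target does not match click-time destination'
    : findings.length ? 'review' : 'no indicators';
  return { verdict, findings };
}

// Constructed sample in the shape the article describes: the visible href is
// the real brand, the click handler swaps it for a placeholder collection URL.
const SAMPLE_ATTACHMENT = `
<html><body>
<form id="login">
  <input name="email"><input name="pass" type="password">
  <a id="submit" href="https://www.paypal.com/signin">Submit</a>
</form>
<script>
  document.getElementById('submit').addEventListener('click', function () {
    this.href = 'http://phish-placeholder.invalid/collect.php';
  });
</script>
</body></html>`;

// Constructed benign page for comparison.
const BENIGN_PAGE = `<html><body><a href="https://www.example.com/">Home</a>
<script>console.log('hello');</script></body></html>`;

console.log(triageHtmlAttachment(SAMPLE_ATTACHMENT));
console.log(triageHtmlAttachment(BENIGN_PAGE));
```

In a mail gateway this would run over every `.htm`/`.html` attachment; the "suspicious" verdict only fires when both halves of the trick are present, so a brand link alone or a click handler alone is merely queued for review.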
 

jamescv7

@hjlbx: Indeed, since it is so powerful, in the sense that everything may access it and create numerous security risks. An endless battle with security programs.