Clever IE Spoof

Psych

Senior member
Feb 3, 2004
I hope this isn't considered SPAM or anything, but I was unsettled just a little while ago. I was sifting through my usual medley of useless E-mails when I came across an E-mail which I could identify as a phishing attempt. I went to the website for laughs with Firefox (just in case), and it told me that I needed to use IE. So I log on as a limited account and try it out. HOW DID THEY DO IT??? The address seems perfectly legit, and the properties and such seem to check out. But the view source shows up empty. Are they getting more and more clever? Is this an IE security hole? Is this just an idiosyncrasy? If I was just a little less cunning, I might have fallen for it.

Suntrust Spoof

EDIT: Um, to prevent being flamed to death, I'll mention that I did figure out that the address bar is not the real one, but I have no clue how it floats up there. It moves with the window, too. And that they ripped the source right out of the official page.
 

orakle

Golden Member
Nov 28, 2002
Heh, they likely ripped that exploit code right out of SecurityFocus or whatever too. It says "demonstration requires ie 5.5+" or something like that. I mean seriously, try more thinking and less copy-pasting. This isn't anything new; I remember reading about this a few months back. Note the code at the bottom of the page.
 

Psych

Senior member
Feb 3, 2004
Yes, but the thing is, when you try to look at the external JavaScript, it gives you an error. Same with the CSS document, and there is no way to tell if it really doesn't exist, or whether the server is playing a trick on you. Still don't get how the heck they got the graphic to cover up the address bar, though.