Most Popular

Login:

Your Login Details


Forget Your Password?

Create an account

New phishing attack pretends to create a personal certificate

A new phishing attack, imitating the Bank of America website, tries to gain users trust by claiming to create a personal certificate to be authenticated by. TrendMicro reported on how this was done:

In Internet Explorer, it asks the user to run a Microsoft ActiveX control called “Microsoft Certificate Enrollment Code.”

After running the add-on and upon filling up the required information, it asks the user to download an .EXE file, sophialite.exe.

This is quite clever. From the explicit display of login or confirmation page that is easily verified as phishing, they have turned to the creation of digital certificates, a ploy that can actually convince users to take the bait.

Digital Certificates Not Always a Safety Guarantee - [TrendMicro]

 Digg  del.icio.us  Reddit

Posted on April 17, 2008

Write a comment


If you have trouble reading the code, click on the code itself to generate a new random code.
Security Code:
 
Post Comment