Most Popular

• Tomcat SSL Installation Instructions
• More Discussion About How Firefox 3 Handles SSL Certificates
• How to use SSL Certificates with Exchange 2007
• The Most Common Java Keytool Keystore Commands
• Free SSL Certificates from a Free Certificate Authority

Login:

New phishing attack pretends to create a personal certificate

A new phishing attack, imitating the Bank of America website, tries to gain users trust by claiming to create a personal certificate to be authenticated by. TrendMicro reported on how this was done:

In Internet Explorer, it asks the user to run a Microsoft ActiveX control called “Microsoft Certificate Enrollment Code.”

After running the add-on and upon filling up the required information, it asks the user to download an .EXE file, sophialite.exe.

This is quite clever. From the explicit display of login or confirmation page that is easily verified as phishing, they have turned to the creation of digital certificates, a ploy that can actually convince users to take the bait.

Digital Certificates Not Always a Safety Guarantee - [TrendMicro]

Digg del.icio.us Reddit

Write a comment

Name:
Email: (not published)
Subject:
Comment:

Security Code:
 

Post Comment