Most Popular
- The Most Common OpenSSL Commands
- Stop the "page contains secure and nonsecure items" warning
- How To Configure SSL Host Headers in IIS 6
- Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)
- How to Create A Self Signed Certificate
Login:
New phishing attack pretends to create a personal certificate
Digg
Slashdot
del.icio.us
Reddit
furl
A new phishing attack, imitating the Bank of America website, tries to gain users trust by claiming to create a personal certificate to be authenticated by. TrendMicro reported on how this was done:
In Internet Explorer, it asks the user to run a Microsoft ActiveX control called “Microsoft Certificate Enrollment Code.”
After running the add-on and upon filling up the required information, it asks the user to download an .EXE file, sophialite.exe.
This is quite clever. From the explicit display of login or confirmation page that is easily verified as phishing, they have turned to the creation of digital certificates, a ploy that can actually convince users to take the bait.
Digital Certificates Not Always a Safety Guarantee - [TrendMicro]
Posted on April 17, 2008
Write a comment