Google Chrome and Mozilla Firefox comes with a security feature that allows the browsers to receive blacklisted URLs of phishing sites which are known and these browsers won’t go to those sites unless the users specifically allows them to.
But a new phishing fraud is targeting bank and PayPal passwords and other private data of online users through a design that beats the security features of both Chrome and Firefox. This technique of bypassing the black-list based protection was discovered by M86 Security Labs.
This new technique uses the good old POST parameter in the HTML language. The users are no more required to visit the phony sites and fill out similar looking forms as in PayPal or online banking.
The users would receive the form as an HTML attachment. The gullible users when fill out the form and clicks on the submit button the attached form, the data on the form is sent out to the hacked PHP servers through the POST request. The thing to notice is that even though the actual URL where the data was being sent through the POST command is a phishing URL, but Chrome and Firefox wouldn’t be able to detect such activity at all.
The reason behind Chrome and Firefox not picking up on this kind of activity is the fact that not many hacked PHP servers end up in those black lists. Beyond this as the PHP code doesn’t show up on the client’s browser, there is not much that can be done to detect any phishing activity.
The users also play their part of not being informed of such activities and normal uses aren’t that sophisticated to pick up on such activity. More information can be found on http://labs.m86security.com/2011/03/phishing-scam-in-an-html-attachment/