Royal Bank of Canada: Phished and Double Phished!

April 2nd, 2008 by Ralph Hernandez (Anti-phishing Engineer)

Trend Micro uncovered another phishing Web site that attempts to steal confidential credit card information.

Below is a screenshot of the Web site:

Using string manipulation, it is able to spoof the official Web site of the Royal Bank of Canada. Note that the said URL contains a variation on the actual domain name (”banking” vs. “bank”) to trick the users into thinking that it is the official Web site of the affected bank.

The spoofed URL masks the actual phishing URL by using a certain frame source. This frame source URL is responsible for gathering account-related information, such as credit card numbers and account passwords, from the affected users.

What is interesting about this phishing attack is that when the first frame source URL is blocked, a second frame source is used. The next time the phishing Web site is visited, it already uses another frame source URL. This is clearly a distinct approach in circumventing security restrictions related to phishing attacks.

Furthermore, it was determined that the domain used by this phishing Web site is registered for just one year. Dubious indeed, if one considers how a supposedly legitimate Web site intends to operate for such a short term.

As of this writing, Trend Micro customers are protected from this phishing attack, with the said frame sources already blocked by our products, preventing them from redirecting unknowing users to other phishing Web sites.

(1 votes, average: 4 out of 5)

 Loading ...