Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    A spoofed Web site that bears a close resemblance to the legitimate Internal Revenue Service Web page was recently encountered by the Trend Micro Content Security Team. Distributed through spam, the phishing URL http:// {BLOCKED}, can be seen in the status bar when the cursor is hovered over the visible link as well as when the email is viewed via a text editor such as Notepad.

    Figure 1 Sample of spam containing link to phishing site

    The phishing site displays a message telling users that they are eligible to receive a tax refund of a specific amount. But here comes the interesting part: the user is then asked to select the bank to where the supposed “tax refund” will be credited through a drop-down menu that is displayed in the page.

    Figure 2 Screenshot of phishing site

    Upon selecting a certain bank, the user will then be redirected to a spoofed login page of whichever bank they had chosen. Below are screenshots of spoofed login pages from the said list:

    Figure 3 Spoofed Bank of America login page

    Figure 4 Spoofed Capital One login page

    Figure 5 Spoofed Wachovia login page

    All spoofed login pages of course prompt the user to enter their account credentials. This is a really clever attack; phishers are now making the users unknowingly choose for themselves which phishing attack will apply to them.

    URLs of all phishing sites are now blocked by the Trend Micro Smart Protection Network.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice