Some phishing scams use JavaScript to alter the address bar to make it seem legitimate. This is done by placing a picture of the legitimate company's URL over the addresbar, or by closing the original address bar and opening a new one contain¬ing the legitimate URL.

In another method of phishing that is quite popular, an at¬tacker uses a trusted website's own scripts against the victim. These types of attacks (cross¬site scripting) are particularly nasty, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates ap¬pears correct. This attack is very hard to spot as it is the link to the website is crafted to carry out the attack.

Name: Website forgery , spoofing.jpg Views: 852 Size: 19.9 KB