Scam Artistes Employ Flash Technology
Online imposters are starting to adopt a well-known media format for websites used in phishing scams, says a Web security company. The scammers are creating websites that use the Flash technology of Adobe Systems Inc., reports F-Secure Corporation. Until now, only legitimate sites made use of Flash to expand their products' features with moving graphics and even video.
One of the functions of Flash is to compress and encode text, images, and other elements into a single file, called an SWF file. This file bundles all the information as one unit or object. With a Flash player, the resulting file can be embedded in a web page and displayed in the browser.
There have by now been many phishing websites that use Flash-based content in place of HTML, wrote Mikko Hypponen, chief research officer of F-Secure, in the company's weblog on January 3, 2007.
According to Hypponen's description, the currently prevailing security tools, such as browser-based ones, typically scan the HTML code of a web page line by line to check whether it is a fraud attempt. Whenever suspicious content is detected, web surfers can be alerted.
But since Flash files are handled as a single component, detectors don't examine them. As a result, no warning appears and the reader is left vulnerable to attack.
Hypponen picked two instances that copied the first page of PayPal, the well-known payment website owned by eBay Inc. The fraudulent site encoded the page in a Flash SWF file. He wrote that when someone types in login details, the SWF file shows a new page asking for the person's credit card information.
This is a time when crafty social engineering techniques and fake websites or phishing e-mails part the unwitting user from private information or money, say industry observers. Scam artistes are launching sites that last only an hour, rob users and then vanish.
According to F-Secure, PayPal and eBay remain, as before, the favorite targets of phishers, but the newer targets are some German banks.
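The detection gap described above can be shown with a short scanner. This is an added example, not code from F-Secure or the original article: it reads the SWF header, decompresses the body and searches it for the same terms an HTML scanner would look for. The keyword list, function names and sample data are constructed assumptions.

```python
import re
import struct
import zlib

# Terms a credential-harvesting page tends to display (constructed list, an assumption).
KEYWORDS = ("password", "credit card", "paypal")
MAX_BODY = 16 * 1024 * 1024  # cap on decompressed size, guards against decompression bombs

def swf_body(data):
    """Return the SWF payload that follows the 8-byte header, decompressed if needed."""
    if len(data) < 8:
        raise ValueError("too short to be an SWF file")
    sig, _version, _declared_len = struct.unpack("<3sBI", data[:8])
    if sig == b"FWS":    # body stored uncompressed
        return data[8:8 + MAX_BODY]
    if sig == b"CWS":    # body is zlib-compressed after the header
        return zlib.decompressobj().decompress(data[8:], MAX_BODY)
    raise ValueError("unsupported SWF signature %r" % sig)

def find_keywords(blob, keywords=KEYWORDS):
    """Case-insensitive keyword search over the printable ASCII runs in blob."""
    text = b" ".join(re.findall(rb"[\x20-\x7e]{4,}", blob)).lower()
    return [k for k in keywords if k.encode() in text]

def scan_page(html, swf):
    """Compare what an HTML-only scan sees with what the SWF body contains."""
    return {"html": find_keywords(html), "swf": find_keywords(swf_body(swf))}

# Constructed sample: the HTML only embeds the movie; the text lives in the SWF.
SAMPLE_HTML = (b'<html><body><embed src="login.swf" '
               b'type="application/x-shockwave-flash"></body></html>')
# Constructed body, not a valid tag stream; only the header and compression follow SWF layout.
_BODY = b"\x00" * 12 + b"Enter your PayPal password\x00Credit card number\x00"
SAMPLE_SWF = (b"CWS" + bytes([8]) + struct.pack("<I", 8 + len(_BODY))
              + zlib.compress(_BODY))

if __name__ == "__main__":
    print(scan_page(SAMPLE_HTML, SAMPLE_SWF))
```

String matching is a heuristic: text that a movie stores as font glyph indices rather than as character strings will not match.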
» SPAMfighter News - 09-01-2007