It's official. Google's redirection hole, formerly used for spam, is currently an excellent tool in the hands of phishers.
Why is this bad? Because 99% of Internet users trust Google, and when they see a link starting with "www.google.com" they think it's part of Google or a site Google knows about and has included in its structure. WRONG!
What do I mean? Check this out...
This is a huge hole. Anyone can have Google as the referrer to a malicious site. Just for the sake of it, try entering the link from above (if you haven't done so already), and open another tab in your browser with the real sign-in page from ebay.com. Can you tell the difference? An experienced (or suspicious) user might notice there is no SSL established on the fake page, but that's something most victims don't even know about.
Oh and by the way this issue has been known for over six months :P
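A defender-side check for the kind of link described in this post, as an added example that is not part of the original post: it flags links on a trusted host whose query string carries an absolute URL pointing to a different site. The path `/hypothetical-redirect`, the parameter name `dest` and the example.net / example.org hosts are constructed, since the post does not show the actual link format.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample links; path and parameter names are hypothetical.
SAMPLE_LINKS = [
    "http://www.google.com/hypothetical-redirect?dest=http%3A%2F%2Fsignin.example.net%2Febay",
    "http://www.google.com/hypothetical-redirect?dest=http%253A%252F%252Fsignin.example.net%252F",
    "http://www.google.com/search?q=ebay+signin",
]

def _host(url):
    """Lowercased hostname of an absolute http(s) or scheme-relative URL, else None."""
    if url.startswith("//"):
        url = "http:" + url
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed netloc, e.g. unbalanced brackets
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower().rstrip(".")

def _same_site(host, trusted):
    return host == trusted or host.endswith("." + trusted)

def embedded_redirect_targets(link, trusted_domains):
    """Return (parameter, host) pairs for off-site URLs embedded in a trusted-host link."""
    outer = _host(link)
    site = next((d for d in trusted_domains if outer and _same_site(outer, d)), None)
    if site is None:  # link is not on a trusted host: nothing to borrow trust from
        return []
    findings = []
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        candidate = value.strip()
        for _ in range(3):  # undo up to three extra layers of percent-encoding
            inner = _host(candidate)
            if inner is not None:
                if not _same_site(inner, site):
                    findings.append((name, inner))
                break
            decoded = unquote(candidate)
            if decoded == candidate:
                break
            candidate = decoded
    return findings

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", embedded_redirect_targets(link, ["google.com"]))
```

A mail or proxy filter can use a non-empty result to show the user the real destination host instead of the trusted prefix.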