Phishing made easier

Given the proliferation of phishing sites, you may be excused for thinking that phishing schemes are easy to set up. Unfortunately for the common Internet user, phishing has just been made easier.

TrendLabs report that a new tool by the name “Super Phisher” has been detected:

With this tool, a user can create a copy of the legitimate target login page and them upload it onto a hosting site. After the criminal lures the victim onto this phishing version of the site and the login information is entered, a .php file that has been dropped in order to receive this information does so, and the login credentials are saved into a log file.

How to detect such a site? It looks exactly the same as the legitimate site. What you need to check is the URL. This tool can’t hide the fact that the site is hosted on an URL that doesn’t seem quite right.

Always check the URL. If it looks suspicious, it’s better not to click on the link or – if you already did that – to just close the page.