Fraudsters are starting to use Flash-based content instead of regular HTML on phishing websites.
The ruse, recently noted on PayPal-mimicking fraud sites www.ppal-form-ssl.com and www.welcome-ppl.com, is reckoned to be an attempt to fool basic anti-phishing defences (such as browser toolbars) that look at page content. The move represents the latest salvo in the ongoing war between phishing fraudsters and security defenders.
Stats from the Anti-Phishing Working Group record that there were more than 37,000 unique phishing URLs in October 2006, 847 per cent up on the 4,367 recorded in October 2005. These sites are straightforward to locate once they are spamvertised but a new service from Domaintools provides alerts to firms about new sites featuring certain keywords, helping corporate to nip scams in the bug.®