Fraudsters are starting to use Flash-based content instead of regular HTML on phishing websites.

The ruse, recently noted on PayPal-mimicking fraud sites www.ppal-form-ssl.com and www.welcome-ppl.com, is reckoned to be an attempt to fool basic anti-phishing defences (such as browser toolbars) that look at page content. The move represents the latest salvo in the ongoing war between phishing fraudsters and security defenders.

Stats from the Anti-Phishing Working Group record that there were more than 37,000 unique phishing URLs in October 2006, 847 per cent up on the 4,367 recorded in October 2005. These sites are straightforward to locate once they are spamvertised but a new service from Domaintools provides alerts to firms about new sites featuring certain keywords, helping corporate to nip scams in the bug.®

Related stories

HMRC data debacle used to bait phishing lure (22 February 2008)
Bug brokers offering higher bounties (25 January 2007)
Phishers haul in money from Nordic bank (19 January 2007)
Dishonest data protection notices could earn jail time (18 January 2007)
HM Revenue phish surfaces (8 January 2007)
How the net changed the ancient art of the con (28 December 2006)
Opera adds tech to foil phishers (19 December 2006)
HSBC's anti-phishing dept takes 44-year holiday (19 December 2006)
Phishing scams thrive in the UK (14 December 2006)
Malware wars: Are hackers on top? (5 December 2006)
Phishing worm hooks MySpace users (5 December 2006)
Firefox outshines IE in phish fight (15 November 2006)
Prison terms for phishing fraudsters (14 November 2006)
eBay redirection ruse reloaded (13 November 2006)