New Phishing Techniques Used By Fraudsters


Malware researchers and security experts who are on the “watch” have recently reported an unusual phishing technique. Phishing is the name given to a fraudulent practice in which tricksters send emails that appear to come from reputable companies, with the aim of inducing the recipients to part with personal details such as credit card information, passwords, etc. Phishing is a common technique employed by fraudsters to make money, and they are always trying out new methods to steal valuable personal information from unsuspecting individuals.

Recently, a malware researcher from the UK, “@dvk01uk”, came across a new phishing campaign. This phishing method used hidden JavaScript code that redirected the data submitted by the unsuspecting user while the “Submit” button still shows as going to

One technique suggested to users to avoid giving away information to phishers is to hover the mouse over the “Submit” button or link and check that it points to the right “safe” location. However, with phishers using hidden JavaScript redirection, this is no longer a safe suggestion for the user.

This JavaScript code is designed to capture any interaction with and divert it to the phishing page. The “Submit” button in this case first goes to the PayPal website to quell any suspicions. However, JavaScript running on the page intercepts all the information that is received here and sends it to a phishing page. It must be noted that the user’s browser is all the while on the PayPal page. The JavaScript code is designed to run as soon as the HTML attachment is loaded. Commonly, standard phishing kits are employed by fraudsters.

The malware researcher says that it is possible for unsuspecting users to protect themselves from this latest phishing technique. However, there is no certainty as to how long the protection will work. The researcher says that the phishing page is an HTML file that the user is asked to open on their own computer, not a website link. Users are always advised not to open email attachments or fill in any HTML pages attached to emails. Nevertheless, if the phisher places this page on a site with a believable URL, then it becomes very difficult to detect that it is indeed a phisher’s attempt to hijack your data. As an example, the latest phishing attacks used a URL “” This makes it difficult for unsuspecting users to discern genuine sites from the false ones. On closer examination, the security experts detected that the CSS and JS files referenced at the top of the HTML page did not belong to PayPal.

Phishing – Protect Yourself

Most of the phishers’ emails use social engineering tricks to get the user to open email attachments or click on a suggested link. When unzipping unknown files, it is important to ensure that the display of known file extensions is enabled. Any file with an .EXE, .COM, .PIF, or .SCR extension should not be opened or run.

Turning on and using the SmartScreen Filter helps to tighten security. This is an inbuilt feature of Windows 7 or Vista and Internet Explorer (11 or 9, respectively) that helps to scan all the visited websites as well as all web-based downloads. It alerts the user and blocks access to known infected files or malicious executable files. Windows 8.1 and Windows 10 also have enhanced protection features. The smart filter is turned on when the computer is opened. Browsers also have protection features that should be turned on.

It is important to be wary of the links that come along with emails purportedly from banks, PayPal, insurance companies, etc. Do not click on the link. In case you accidentally click on a link, do not proceed to enter any information. Just close the browser window. It is important to be aware that credit card companies, financial institutions, ISPs, etc., never send HTML form attachments along with emails. Sites like PayPal also use two-step verification to protect their users’ accounts. This acts as a protection even when the users’ passwords are compromised. However, in the current scenario, most anti-virus products and phishing filters are designed only to look at the URL for the “Submit” button and do not examine the JavaScript files that are linked.
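The gap described above (a filter that checks only where the “Submit” button points) can be narrowed by also checking where the page's scripts and stylesheets come from. The following is an added example, not code from the researcher or from any product: the function names, the trusted-suffix list and the sample page with its `.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Collector(HTMLParser):
    """Gather form action hosts and the hosts of linked scripts/stylesheets."""
    def __init__(self):
        super().__init__()
        self.form_hosts, self.resources, self.inline_scripts = [], [], 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_hosts.append(urlsplit(a.get("action") or "").hostname)
        elif tag == "script" and a.get("src"):
            self.resources.append((tag, urlsplit(a["src"]).hostname))
        elif tag == "script":
            self.inline_scripts += 1  # cannot be judged by host; review by hand
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            self.resources.append((tag, urlsplit(a.get("href") or "").hostname))

def _trusted(host, suffixes):
    # Relative URLs have no host, so they are never treated as trusted.
    return host is not None and any(
        host == s or host.endswith("." + s) for s in suffixes)

def audit_attachment(html, trusted_suffixes):
    """Flag a page whose form target looks right but whose code loads from elsewhere."""
    c = _Collector()
    c.feed(html)
    untrusted = [(t, h) for t, h in c.resources if not _trusted(h, trusted_suffixes)]
    action_ok = bool(c.form_hosts) and all(
        _trusted(h, trusted_suffixes) for h in c.form_hosts)
    return {"form_hosts": c.form_hosts, "untrusted_resources": untrusted,
            "inline_scripts": c.inline_scripts,
            "suspicious": action_ok and bool(untrusted)}

# Constructed sample: the form posts to the brand, the linked files do not.
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://static.unrelated.example/app.css">
<script src="//static.unrelated.example/form.js"></script>
<script src="https://www.brand.example/js/lib.js"></script>
</head><body>
<form action="https://www.brand.example/signin" method="post">
<input name="email"><input type="submit" value="Submit">
</form></body></html>"""

if __name__ == "__main__":
    print(audit_attachment(SAMPLE, {"brand.example"}))
```

The trusted-suffix set has to include every host the real brand serves its own scripts and stylesheets from, otherwise the genuine page would be flagged as well.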
