[funsec] Dealing with graphical Keypads on phishing sites

Gary Warner gar at askgar.com
Sat Dec 1 08:35:31 CST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here's an interesting approach to dealing with the Graphical Keypads
that Standard Bank uses on their website to avoid Keylogger interception
of PIN numbers:

http://www.99fcc.com/images/stories/Standard.html

This phisher just placed a graphic where the PIN Pad was supposed to be
that says:

      PIN Pad is
      discontinued

and gives a box for the customer to type his PIN instead.


- --



- --------------

Gary Warner
Director of Research in Computer Forensics
The University of Alabama at Birmingham
gar at cis.uab.edu            gar at askgar.com
205.934.8620               205.422.2113

- --------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHUXEzg79eYCOO6PsRAlOUAJ40/8o77p2p5x6HoX4UdB5205mUqwCfZbIU
ENDsQsAN/qkyAdoilvt+CHs=
=KD4Z
-----END PGP SIGNATURE-----


More information about the funsec mailing list