September 30, 2004 — (WEB HOST INDUSTRY REVIEW) — A sophisticated new phishing attack appeared this week, targeting SunTrust Bank, and using the company’s own Web site to collect customer information, according to a report released Thursday by Internet research and reporting firm Netcraft (netcraft.com).
r
r
The attack reportedly inserts a form into a frame found within the SunTrust Web site, giving targets of the scam the impression that the form is part of the bank’s official site.
r
r
According to Netcraft, the framed page was linked to, on the SunTrust Web site using a url that included characters inserting the second page into the frame. The phishers created a similar URL that inserted a page hosted on a different remote server.
r
r
The new attack is a troubling advance in the phishing trend, as the use of the bank’s own site lends the false email and form additional credibility.
