Internet Explorer hit by new phishing flaw


Internet Explorer hit by new phishing flaw

Antony Savvas

Another serious security hole has been unearthed in Microsoft’s Internet Explorer browser, which could lead to users being tricked into thinking fake phishing sites are genuine.

The error in the browser can be exploited to fake the address bar in the user’s browser window, warned security monitoring company Secunia.

This flaw could allow phishing scams to trick people into believing they are on a legitimate site, when they are in fact viewing a fraudulent web page.

When a user clicks on a phishing e-mail web link, they are usually directed to a site that looks like the original, but which has a different address in the top bar. The IE flaw helps to cover up this difference.

An error in the way the IE browser loads web pages and Macromedia Flash animations is the cause of the problem, said Secunia.

Microsoft said it was studying the flaw, the fourth reported flaw in IE in just over two weeks.

Both Secunia and Microsoft said they were so far not aware of any phishing attacks that used the latest flaw.

Microsoft has confirmed it will be patching at least one of the three previous serious flaws next Tuesday, as part of its monthly patching cycle.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy