The phishing email's supporting website is built to look just like the legitimate website it claims to be. The fraudsters use a variety of techniques to accomplish this, including using realistic-looking photos and text, hiding the URL in the address bar, and even eliminating the address bar entirely. The aim of the website is to deceive customers into believing they are visiting the company's legitimate website and providing personal details to the reputable company they believe they are dealing with.
Phishing websites use stolen images and text, and in some cases they actually mirror the legitimate site. This includes standard website links such as contact us, privacy, products, and services, among others. The user recognizes the material from the legitimate website and does not realize that they are on a different site.
Some phishing websites have registered a domain name that closely resembles that of the company they claim to represent. One phishing scam targeting Barclays Bank, for example, used the domain name "http://www.barclayze.co.uk". Other examples include using a sub-domain like "http://www.barclays.validation.co.uk", where the real domain is "validation.co.uk", which has little to do with Barclays Bank.
In phishing scams, the most popular method of gathering information is through forms on a fake website. The form is usually presented in the same manner as on the official website. This may be a log-in for Internet Banking or a more comprehensive form for verifying personal information, with several fields for personally sensitive data.
Some phishing scam websites don't even try to confuse users with their URL, hoping that they will go unnoticed. Some simply use IP addresses, which appear as numbers in the address bar of the user's browser.
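The look-alike domain, sub-domain and IP-address tricks described above can be told apart by comparing the registrable domain of a link with the real one. The Python sketch below is an added example, not part of the original article; the short suffix set, the LEGIT allow-list (which assumes barclays.co.uk is the bank's real domain), the 0.8 similarity threshold and the 192.0.2.10 address are assumptions constructed for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List; real checks need the full list.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk"}
# Assumption: allow-list mapping a brand to its real registrable domain.
LEGIT = {"barclays": "barclays.co.uk"}

def registrable_domain(host):
    """Return the part of the host that was actually registered by its owner."""
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def classify(url, brand="barclays"):
    """Label a URL by the spoofing pattern it matches for the given brand."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)       # bare IP instead of a name
        return "ip-literal"
    except ValueError:
        pass
    reg = registrable_domain(host)
    if reg == LEGIT[brand]:
        return "legitimate"
    # Labels to the left of the registrable domain are chosen freely by its owner.
    sub_labels = host[: len(host) - len(reg)].rstrip(".").split(".")
    if any(brand in label for label in sub_labels):
        return "brand-in-subdomain"
    owner = reg.split(".")[0]
    if brand in owner or SequenceMatcher(None, brand, owner).ratio() >= 0.8:
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample links; the first two hosts are the ones quoted in the text.
    for u in ("http://www.barclayze.co.uk/",
              "http://www.barclays.validation.co.uk/",
              "http://192.0.2.10/login",
              "https://www.barclays.co.uk/"):
        print(f"{classify(u):20} {u}")
```
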
In this form of URL spoofing, the removal of the address bar is combined with the use of scripts that create a fake address bar from images and text. The link in the phishing email opens a new browser window that closes and reopens without the address bar or, in some cases, the status bar. The new window creates a fake address bar in place of the original using HTML, HTA, and JavaScript commands.
In this form of URL spoofing, a text object with a white background is placed over the URL in the address bar. The fake URL is contained in the text object, which hides the real URL.
This form of deception uses a script to open a legitimate webpage in the background while a bare pop-up window (with no address bar, toolbars, status bar, or scrollbars) is opened in the foreground to show the fake webpage, in an effort to trick the user into thinking it is directly connected with the legitimate website.
Trojans and worms are sent to users as email attachments, ostensibly for a specific reason, such as greetings, vital files, or other spam email. The attachment is a program that takes advantage of flaws in Internet Explorer to force a download from another device on the network. This file downloads additional files and passwords, ultimately resulting in the installation of a fully functioning Trojan.
The Trojan is intended to harvest or check for personal banking information and passwords that many people keep on their computers. This data is then sent over the Internet to a remote device.
Other worms have been known to hijack the user's hosts file, so that when a user types a particular URL (normally for a specific financial institution) into the address bar of their Internet browser, they are automatically redirected to a bogus phishing website.
Spyware, such as keyloggers, collects data entered on legitimate websites, such as Internet banking pages. A previous worm or Trojan infection can be used to install this form of spyware on a user's device. The spyware sends any information it collects to a predetermined device on the Internet.
The link in the email was used in a recent phishing scam to guide users' browsers to a site where they could download keyboard logging spyware before being redirected to the legitimate Internet banking website. This spyware recorded the login details entered and sent them to the fraudsters over the Internet via a remote device.