Phishers Embed Forms as Hooks

Alex Eckelberry at Sunbelt noted a nifty phishing development: embedded forms. Phishers are spoofing forms from reputable sources- think PayPal, large banks, etc. Considering the advances in phishing: correllating name, position, and email addresses for high-level corporate interests; these emails may look very convincing in the future.

There is some irony in the content of this phishing message, which warns users that their accounts may have been highjacked by a third party – aside from the tense, the sentence is honest. Eckelberry writes: “This makes things easier: No phishing site to have to maintain. No browser-based phishing filters to worry about.” And a bit more of a pain for users.

Remember to be skeptical in cases when “service providers” diverge from normal protocols. Checking with the service provider (though not by clicking on links contained in the email) can help you avoid phishing pitfalls.