A new technique called “visual spoofing” provides a way for Internet phishing scams to convincingly mimick the web sites of banks and credit card companies. The technique alters the user interface of the web browser, substituting images for parts of the browser interface that would normally help users detect the fraud.
Phishing attacks seek to trick account holders into divulging sensitive account information through the use of e-mails which appear to come from trusted financial institutions and retailers. Such scams have multiplied in recent months, with many taking advantage of a bug in Internet Explorer that made it easier for fraudsters to simulate the URLs of target financial institution.
Microsoft issued a patch to repair that problem on Feb. 2. Visual spoofing does not rely on the URL spoofing, relying instead on the fake images to accomplish the deceipt.