- Spoofed E-Mail Addresses: Phishers use a variety of techniques and shareware tools so that the phishing e-mail appears legitimate (for example, customerservice@TARGETEDCOMPANY.com).
- Spoofed URLs: Many sophisticated techniques have been developed to spoof URLs. One technique uses JavaScript to cover the URL window at the top of the user's browser with a graphic or text. Others use browser-specific vulnerabilities to obfuscate the URL. Both techniques result in the legitimate URL being displayed instead of the fraudulent URL. Furthermore, URLs can contain specially encoded characters that resemble American Standard Code for Information Interchange (ASCII) characters; the same can be done with International Domain Names (IDNs) to make addresses display nearly identically to those of the Web site being spoofed.
- Similar-Sounding URLs: In this case, the fraudulent Web site has a URL that sounds similar to that of the targeted company (for example, www.searss.com, www.discovercardaccountinfo.com). This was initially a very common practice but is falling out of favor due to increasing user sophistication and increased efforts by companies to purchase such domain names. A more sophisticated version is a "homograph attack" in which the phishing Web site incorporates nonstandard characters, such as a Cyrillic character that resembles the letter "A," to generate a malicious URL that looks identical to the legitimate URL.
- Phishing Using Only IP Address: Rather than a URL, the Web site uses an IP address. This could confuse nontechnical users, who might trust a Web site identified as a string of numbers as opposed to a Web site with a suspicious-sounding URL.
- Pop-Up Windows: When using pop-up windows, phishers direct victims to a Web site that opens the legitimate bank's Web site with a fraudulent pop-up window over it. This pop-up window contains the fields for entering the user's login and password.
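
The URL-based tactics above (IP-address-only links, similar-sounding names, and homograph characters) can be screened for on the defender's side, for example in a mail gateway or proxy log review. The following is an added example, not code from the original post; the function names, the `KNOWN_DOMAINS` allow-list and the small confusables map are constructed for illustration, and the "last two labels" rule for the registrable domain is a simplifying assumption.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list of domains the defending organisation owns (assumption).
KNOWN_DOMAINS = {"sears.com", "discovercard.com"}
# Constructed, partial map of Cyrillic/Greek letters to the Latin letters they resemble.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
                             "\u0441": "c", "\u0455": "s", "\u0456": "i", "\u03bf": "o", "\u03b1": "a"})

def scripts(label):
    """Unicode scripts used by the letters of one host label (first word of the char name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance, to catch names one or two keystrokes from a known domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_url(url):
    """Return a list of phishing indicators found in the host part of a URL."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)          # link uses a raw IP instead of a name
        return ["ip-address-host"]
    except ValueError:
        pass
    if "xn--" in host:                      # punycode form of an IDN: decode to Unicode
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    flags = []
    if any(len(scripts(label)) > 1 for label in host.split(".")):
        flags.append("mixed-script-label")  # e.g. Latin and Cyrillic in one label
    skeleton = host.translate(CONFUSABLES)  # what the name looks like to a reader
    registrable = ".".join(skeleton.split(".")[-2:])  # assumption: last two labels
    if registrable in KNOWN_DOMAINS and skeleton != host:
        flags.append("homograph-of-known-domain")
    elif registrable not in KNOWN_DOMAINS:
        for known in sorted(KNOWN_DOMAINS):
            if edit_distance(registrable, known) <= 2 or known.split(".")[0] in skeleton:
                flags.append("lookalike-of-" + known)
    return flags
```

A production check would replace the confusables map with the full Unicode confusables data and the two-label rule with a public-suffix lookup.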
Top 5 Obfuscation Techniques
In addition to the tactics mentioned above, phishers go to great lengths to obfuscate the fraudulent character of their pages. Among the most common methods developed over the past three years are the following: