
Beware of Phishing Files Disguised as Popular Login Pages: A Warning from ASEC

Phishing files disguised as login pages for Naver, Nate and others show attention to detail by filling in the ID automatically
NoCodeForm used to leak information, sending account information to attackers
“You shouldn’t even try” to access via emails or links from unknown sources.

[Boannews reporter Park Eun-ju] Phishing files that closely resemble the login pages of popular national portals such as Naver and Nate are being distributed. Their purpose is to steal user account information, so be careful about accessing pages via emails or links from unknown sources.

▲ (From left) Naver login phishing page, normal page [Source: ASEC]

The images above, based on data provided by the AhnLab Security Intelligence Center (ASEC), place the phishing page and the normal login page side by side for comparison. Just by looking at them, it is hard to tell which page is the normal one. This is because the attacker used the site's normal source code to deceive users. In the past, many cases of account theft using pages disguised as login pages for national portals, transport, logistics, brands, webmail and others have been discovered.

▲ Naver login ID entry form code where the email value is entered [Source: ASEC]

Attackers continually attempt to steal account information entered by users. In particular, they use elaborate tricks to get users to log in through phishing pages. In the ID entry field, the ID is filled in automatically using the previously obtained email address. Seeing the ID already entered, the user may inadvertently enter the password. The phishing page does, however, differ from a normal page in its address and in the way the ID and password are delivered.

▲ Using NoCodeForm to leak Naver account information [Source: ASEC]

According to ASEC, "NoCodeForm" was used as the method of leaking account information. NoCodeForm is a tool that delivers the results submitted in an HTML form to the form owner via email or Slack. When an account is created, a unique form ID is generated, through which the account owner can receive the values entered by external users.
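The two differences described above (where the password is delivered, and an ID field that arrives already filled in) can be checked statically in an HTML file before anyone opens it. The following is an added example, not code from ASEC or the article: the host names, form ID and sample markup are constructed placeholders, the trusted-host list is an assumption you would replace with the real login hosts, and it only inspects static `action` and `value` attributes, not values set by script.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts that may legitimately receive this portal's credentials.
TRUSTED_LOGIN_HOSTS = {"login.portal.example"}

class FormCollector(HTMLParser):
    """Records each <form> with its action URL and its <input> attributes."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "form":
            self._current = {"action": attr.get("action") or "", "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append(attr)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_html(html, trusted_hosts=TRUSTED_LOGIN_HOSTS):
    """Return (finding, detail) tuples for forms that collect a password."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        fields = form["inputs"]
        if not any((f.get("type") or "").lower() == "password" for f in fields):
            continue
        # Delivery check: where does the submitted password actually go?
        host = (urlparse(form["action"]).hostname or "").lower()
        if host and host not in trusted_hosts:
            findings.append(("credentials-posted-to-untrusted-host", host))
        # Lure check: ID field already carrying the recipient's email address.
        for f in fields:
            value = f.get("value") or ""
            if (f.get("type") or "text").lower() in ("text", "email") and "@" in value:
                findings.append(("id-prefilled-with-email", value))
    return findings

# Constructed samples (not taken from the ASEC report).
SAMPLE_PHISH = ('<form method="post" action="https://forms.backend.example/f/FORM_ID">'
                '<input type="text" name="id" value="user@mail.example">'
                '<input type="password" name="pw"></form>')
SAMPLE_LEGIT = ('<form method="post" action="https://login.portal.example/login">'
                '<input type="text" name="id"><input type="password" name="pw"></form>')
```

A mail gateway or attachment triage script could run `audit_html` over `.html` attachments and quarantine any file that returns findings.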

In this way, attackers continuously distribute phishing pages that use the source of normal websites. Therefore, if the page you are on is not the normal website, you should not attempt to log in. “If you attempt to log in, you should immediately change any associated passwords,” ASEC advises.
[Reporter Park Eun-ju (boan5@boannews.com)]
