Yet another set of ways that folks can create fake web pages to fool users of Microsoft’s Internet Explorer, up to and including showing a fake address in the address line, and a fake “secure” lock icon down in the status bar. Yeesh.
So basically you could be directed to a web page that looks and is addressed like a legit web site, includes a lock icon down at the bottom (“Look at me! This is a secure transaction!”), and proceed to give your credit card info to some scammer.
Swell.
Meanwhile, Microsoft is thrashing about for a solution to the problem. Users of other browsers do not have this problem (and, in fact, IE-based SlimBrowser doesn’t have the address display flaw, though it does show the lock incorrectly).
Bottom line (aside from providing more grist for the anti-M$ mill), the best technical protection is actually behavioral. Make sure you’re convinced that you are dealing with a legitimate site and entry screen before keying in important info. Don’t accept links in e-mails at face value, but examine them carefully for questionable information. Most companies that need you to “validate your account” or take some further action that involves critical info will probably also have a legitimate way to get to that screen from their actual top-level site.
Be smart. It’s a better bet than trusting that IE (or any other program, for that matter) will be smart for you.
(via Les)
The best technical protection is indeed behavioral. Don’t use Internet Explorer to begin with!
I’ve already received spam that appears to take advantage of this exploit.