Phish Page Steals Your Details, Then Logs You In

One of the few things that - perhaps - alerts users that they've been phished is when (after entering perfectly valid login details) they see something like this:

[Screenshot: a failed-login error message shown after valid details are entered]

...or like this:

[Screenshot: a second variant of the same failed-login message]


Generally, when net-savvy users get phished, they're alert enough to know that messages such as the ones above are a clue that they might have stumbled onto a Phishing page (assuming they're 100% sure they entered their details correctly, of course). This "break" in the login cycle has always been a weakness of a phish page, and the typical flow of events is as follows:

1. Visit Phish page
2. Enter details
3. You are told "your login cannot be processed at this time", and your information is stolen

What if the process could go like this:

1. Visit Phish page
2. Enter details
3. Phish page steals your information, but logs you into the target site

You'd miss that vital clue - the failed login - and assume everything was okay.

Well, a Phish for the popular Habbo Hotel caught my eye today because it does just that - seamlessly logging you into Habbo Hotel once your details have been stolen. Here is the Phish page in question:

[Screenshot: the Habbo Hotel Phish page]

Here I am, entering my login details into the page:

[Screenshot: login details being entered into the Phish page]


At this point, a regular Phish page risks giving the game away with one of the familiar variations on "Your login could not be processed".

However, this Phish page instead forwards you to a page hosting a base64-encoded script, inside which the hidden code goes about its business of logging you into the site for real. (No, we're not going to make it easier for wannabe Phishers by showing everyone how it's done.)

From there, the user is deposited onto the Habbo Hotel website, fully logged in - no "Your login could not be processed" messages here!

[Screenshot: the Habbo Hotel website, with the victim fully logged in]

Meanwhile, my login has been stolen (it's the one in red) and placed in the ever-growing pile collected by the Phisher:

[Screenshot: the Phisher's collection of stolen logins, with the author's entry highlighted in red]

From the point where I decided to log in to Habbo Hotel, to the point where I'm actually logged into the site, there is no break in the usual procedure and I have absolutely no indication that I've just been phished. If this kind of devious tactic is employed for banking phishes, it will make it all the more crucial that end-users start to think about running Anti-Phishing programs and browsers with built-in Phish Detectors, because the stakes have been raised once again.
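Because the victim never sees the failed-login clue, spotting this flow falls to telemetry rather than to the user. As an added example (not part of the original post), the Python below correlates constructed proxy log lines: a credential POST to a host outside the brand's allowlist, followed within seconds by a request to the genuine site that is referred from that host. The host names, allowlist and log format are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Genuine domains of the impersonated brand (assumed allowlist; constructed names).
BRAND_DOMAINS = {"habbo.example", "www.habbo.example"}
# The relay to the real site follows the credential POST almost immediately.
WINDOW = timedelta(seconds=30)

# Constructed proxy log lines: "timestamp client method host path referer",
# "-" meaning no Referer. Client 10.0.0.7 is phished; 10.0.0.9 logs in normally.
SAMPLE_LOG = """\
2008-08-22T15:01:02 10.0.0.7 GET habbo-free-furni.example /login.php -
2008-08-22T15:01:09 10.0.0.7 POST habbo-free-furni.example /login.php http://habbo-free-furni.example/login.php
2008-08-22T15:01:11 10.0.0.7 GET habbo-free-furni.example /r.php http://habbo-free-furni.example/login.php
2008-08-22T15:01:13 10.0.0.7 GET www.habbo.example /account/me http://habbo-free-furni.example/r.php
2008-08-22T15:05:00 10.0.0.9 POST www.habbo.example /account/login http://www.habbo.example/
""".splitlines()

def parse_line(line):
    """Split one log line into a dict with a parsed timestamp."""
    ts, client, method, host, path, referer = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "method": method, "host": host, "path": path, "referer": referer}

def find_relay_logins(lines):
    """Return (client, phish_host, brand_host) for each steal-then-relay sequence.

    Trigger: a POST with a login-looking path to a host outside BRAND_DOMAINS.
    Confirmation: the same client reaches a brand host within WINDOW and the
    Referer, when present, points back at the phish host (Referer is often
    stripped by policy, so a missing value does not clear the client).
    """
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    pending = defaultdict(list)   # client -> [(post time, phish host), ...]
    hits = []
    for e in events:
        if (e["method"] == "POST" and e["host"] not in BRAND_DOMAINS
                and "login" in e["path"].lower()):
            pending[e["client"]].append((e["ts"], e["host"]))
        elif e["host"] in BRAND_DOMAINS:
            for ts, phish in pending[e["client"]]:
                referer_ok = e["referer"] == "-" or phish in e["referer"]
                if ts <= e["ts"] <= ts + WINDOW and referer_ok:
                    hits.append((e["client"], phish, e["host"]))
                    pending[e["client"]].remove((ts, phish))   # report once
                    break
    return hits
```

Calling `find_relay_logins(SAMPLE_LOG)` flags only client 10.0.0.7; the "login" path keyword is a deliberately simple heuristic and should be replaced with the brand's real login endpoints in practice.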

1 Comment

What is this Habbo Hotel anyways...sounds like a suspicious page. I just stay away from all games, excluding boneland.com and homerunner.com. Flash apps as you have mentioned before can be exploited....via downloading fake Adobe Flash software.

Habbo Hotel sounds like that NeoPet phenomenon that happened amongst tweens a while ago and other pages that throw you into a virtual world that mimics the real one.


About this Entry

This page contains a single entry by Christopher Boyd published on August 22, 2008 3:15 PM.
