[this post has been partially damaged during a server failure on Sunday 11th July 2004, and it has been possible to recover only a part of it]
[further content was recovered on 13 October 2018]
If you’ve been on the internet for any length of time at all, you’ll probably have come accross the concept of a phishing [wikipedia] attack, or even been the target of one. The idea is that Joe Naughty sends you an e-mail, pretending to be your bank, credit card company, or whatever, and when you click the link in the e-mail it takes you to your bank’s web site. Or that’s what you think, anyway. Actually, you’re at Joe Naughty’s web site, and it just looks like your bank’s web site. And so he tries to trick you into giving him your bank details, so he can rob you blind.
I was recently the target of such an attack (one related to the CitiBank browser-bar scam [bbc news]). In this particular attack, the fake site tries to trick you into thinking it is the real site by making your Internet Explorer address bar ‘disappear’, and then replaces it with a picture of an Internet Explorer browser bar saying that you’re on the real site.
I decided that this was a particularly crude hack, and that I could do better. And …