Scammers of "phishing" scams have not stopped, and they have become smarter.
Phishing scams are a technology used by hackers. They use e-mails to trick users into seemingly extremely real fake websites, such as the websites of your bank. Once a user logs on, the victim will unconsciously disclose his/her personal financial information. The "phishing" scam scammers use this information for e-commerce fraud and identity fraud and theft. Most people are alert to these scams due to some well-known "phishing" attacks.
But now the scam has become more rare. In the new scam, e-commerce companies may become unintentional accomplices, because even the smartest online users may not be aware of this scam. This "mixed" phishing scam exploits legitimate websites of organizations trusted by people, rather than fake websites and fake URLs. As a result, even the most cautious users cannot identify fake links as threats.
The new scam combines the traditional scam method with another technology, that is, the so-called cross-site scripting, which can cause significant harm, the method is to execute an illegal script program on the attacker's browser. The trigger is the link of the embedded email script.
After an email is clicked, the attacker is sent to a legitimate website and malicious links perform several actions on the legitimate website. For example, a pop-up registration window is generated. Once you log on, hackers can access the website or obtain the personal information of the attacker. This link also uploads a Trojan horse or virus to your computer.
Phishing scams even use cross-site scripting to damage websites. They embed images normally displayed on other websites into attacked websites. Because the script program cannot be installed on the service, the attacked company does not know that their website and Brand have been damaged until the user is notified.