IFrame Detection

Attackers can inject a hidden iframe into a webpage and steal the user’s session (cookie). This attack is similar to a redirect, however by leveraging the iframe technique, attackers can perform illicit behavior behind the scenes and avoid the detection of having visited a malicious website.

The following steps illustrate how the Phishing Watch works when an iframe is used:

  1. The Phishing Watch JavaScript snippet is created and embedded in the website.
  2. The snippet launches each time the webpage is loaded/refreshed.
  3. When the snippet identifies a nonformal suspicious website (by inspecting the URL of the webpage), it reports the suspicious URL back to Threat Command servers in a stealthy, low footprint manner.
  4. The Threat Command phishing detection algorithm determines whether the reported website could be used for phishing.
  5. The snippet's whitelist excludes cases where it may be operating on the organization's official website.

temporary placeholder