Contributors
Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security ) [Project Leader]

The Web Hacking Incidents Database
Last update:07 November 2007

Incident WHID 2006-13

WHID 2006-13: Hackers Tap Banks' Web Sites In Unique Phishing Attack
Date: 17 March 2006
Incident Type: Security Breach
WASC Threat Classification: Defacement

In this very interesting attack a hacker broke into the informational web sites of several smaller banks in Florida. He than changed the link on the informational pages that points to the outsourced transactional web site to point to his own phishing site. While the vulnerability that enabled the hacker to penetrate the informational sites is not known, this is a very interesting example of a targeted web attack. It highlights the importance of protecting every web site and not just the core business logic.

References:



This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
© Copyright 2005, Web Application Security Consortium. All rights reserved.