Mime Sniffing and Phishing

Arbor Networks has blogged about a phishing attack that uses the fact that IE does not use (or believe) the Content-Type tag returned by an HTTP response and instead tries to detect MIME types on its own. In this case, phishers are using that to come up with content that only renders in IE browsers.

Src: Mime Sniffing and Phishing | Arbor Networks Security

No comments: