Phishers are making use of the Advanced Encryption Standard (AES) to conceal the malicious nature of their websites, according to security firm Symantec.
Nick Johnston of Symantec said: "This technique may be a first, albeit basic, attempt at using AES to obfuscate phishing sites.
"There is no attempt made to hide the key or otherwise conceal what is going on. However, we expect that as phishing detection matures further and improves in effectiveness, attacks like this will become more sophisticated."
The AES was adopted by the US government in 2002, and is used by the National Security Agency (NSA) to protect classified information in systems approved by the snooping group.
They have also made use of escape characters, which are used as part of URLs to avoid the misinterpretation of certain characters, for example by substituting a space for "%20".
Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...
Absolute® Software specialises in technology and services for the management and security of mobile computers and smartphones.