Phishing – going the extra mile (with virtual keyboard)

Part of the complete engineering of phishing attacks is the authentic look of the actual phishing site. There are traditional bank phishing pages with simple username, password combinations such as this Lloyds phishing site:  

But what’s a phisher to do if the authentic site adds more complex features – like a virtual keyboard? Copy the virtual keyboard of course! This phishing page for ADCB (Abu Dhabi Commercial Bank) successfully mimics the virtual keyboard found on the real site – where the password may only be entered using the onscreen version. And yes, the phishing version is fully functional.