Google Chrome hit with new phishing scam that uses fake address bar to steal passwords

Mail Online | 4/29/2019 | James Pero For Dailymail.com
cyanbyte (Posted by) Level 3

A new and surprisingly simple phishing method has affected Google Chrome's mobile browser, disguising itself as some of victims' most-trusted websites.

According to developer Jim Fisher, who posted about the exploit on his personal blog, hackers can use a mixture of coding and screenshots to trick victims into giving up their private data.

The scam, which Fisher calls the 'inception bar', targets users of Chrome on Android with a fake address bar that displays not only the name of a legitimate website but also an SSL badge - used to verify a site's authenticity - indicating that the page is safe.

When mobile users scroll using Google Chrome on Android, the address bar located at the top of the page automatically disappears.

Normally, when users scroll back up, the bar would reappear, but Fisher shows that he's found a way to trap users in a 'scroll jail.'

This is essentially a page within a page - hence the title, 'inception bar' - where even if a user attempts to scroll back up to the top of the page to access the address bar, they're forced back down, trapped in the phony page.

In a demonstration, Fisher is able to change the displayed URL of his own website to that of HSBC Bank.

This trick would be useful for scammers who attempt to camouflage a malicious web page as a legitimate one and steal important information from users, like passwords and credit card information.

With some added coding, Fisher says that the...
(Excerpt) Read more at: Mail Online