Click For Photo: https://i.dailymail.co.uk/1s/2019/04/29/21/12876094-0-image-a-20_1556568855702.jpg
A new and surprisingly simple phishing method has affected Google Chrome's mobile browser, disguising itself as some of victims' most-trusted websites.
According to developer Jim Fisher, who posted about the exploit on his personal blog, hackers can use a mixture of coding and screenshots to trick victims into giving up their private data.
Scam - Fisher - 'inception - Bar - Targets
The scam, which Fisher calls the 'inception bar' targets Android mobile users for Chrome by using a fake address bar that not only displays the name of a legitimate website, but also an SSL badge - used to verify a site's authenticity - indicating that the page is safe.
When mobile users scroll using Google Chrome on Android, the address bar located at the top of the page automatically disappears.
Users - Bar - Fisher - Way - Users
Normally, when users scroll back up, the bar would reappear, but Fisher shows that he's found a way to trap users in a 'scroll jail.'
This is essentially a page within a page - hence the title, 'inception bar' - where even if a user attempts to scroll back up the top of the page to access the address bar, they're forced back down, trapped in the phony page.
Demonstration - Fisher - URL - Website - HSBC
In a demonstration, Fisher is able to change the displayed URL of his own website to that of HSBC Bank.
This trick would be useful for scammers who attempt to camouflage a malicious web page as a legitimate one and steal important information from users, like passwords and credit card information.
Coding - Fisher
With some added coding, Fisher says that the...
Wake Up To Breaking News!