False login pages are a common method of phishing login credentials from users. If a website looks legit, it’s easy for your muscle memory to kick in and for you to start typing your username and password without checking that the URL is correct (or the website is legitimate). Complicating matters is a new issue, recently profiled by developer Jim Fisher, that shows just how easy it is for a website to use a fake address bar to make you think you’re somewhere you’re not.
Usually, you can take a peek at the padlock icon to the left of the address bar to figure out whether a website is authentic or not. Don’t put blind trust in that little graphic, however, as phishers have devised a way for mobile web pages to display fake URL bars in Chrome that include the padlock icon and a replacement URL. This “inception bar,” as it’s known, replaces the real address bar in your browsing window. If you aren’t paying much attention, you might assume that your browser is working as intended.
This entire trick is possible because the UI on the mobile version of Chrome often disappears as you scroll down a page, and website developers can override and prevent the UI, including the URL bar, from reappearing. As Fisher describes:
This is bad, but it gets worse. Normally, when the user scrolls up, Chrome will re-display the true URL bar. But we can trick Chrome so that it never re-displays the true URL bar! Once Chrome hides the URL bar, we move the entire page content into a “scroll jail” - that is, a new element with overflow:scroll. Then the user thinks they’re scrolling up in the page, but in fact they’re only scrolling up in the scroll jail! Like a dream in Inception, the...
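An added example, not from the article or from Fisher's write-up: a heuristic that flags the layout the quote describes, a near-full-viewport element that scrolls on its own, paired with a bar pinned to the top edge. The function name `findScrollJail`, the snapshot shape, the thresholds, and the assumption that the fake bar is a fixed-position element are all choices made for this illustration.

```javascript
// Thresholds and the snapshot shape are assumptions made for this example.
// In a browser the fields would come from getComputedStyle() and
// getBoundingClientRect(); here they are plain objects so the check runs offline.
function findScrollJail({ viewport, elements }) {
  const viewArea = viewport.width * viewport.height;
  // 1. An inner element that scrolls on its own and fills most of the viewport.
  const jails = elements.filter((el) =>
    ["scroll", "auto"].includes(el.overflowY) &&
    el.scrollHeight > el.rect.height &&
    el.rect.width * el.rect.height >= 0.75 * viewArea);
  // 2. A short, full-width element pinned to the top edge (candidate fake bar).
  const bars = elements.filter((el) =>
    el.position === "fixed" && el.rect.top <= 0 &&
    el.rect.width >= 0.9 * viewport.width &&
    el.rect.height > 0 && el.rect.height <= 0.15 * viewport.height);
  // Report only pairings; either pattern alone is common on legitimate pages.
  const findings = [];
  for (const jail of jails)
    for (const bar of bars)
      if (bar.id !== jail.id) findings.push({ jail: jail.id, bar: bar.id });
  return findings;
}

// Constructed snapshots (not captured from any real site).
const VIEWPORT = { width: 400, height: 800 };
const SUSPICIOUS_PAGE = { viewport: VIEWPORT, elements: [
  { id: "top-image", position: "fixed", overflowY: "visible", scrollHeight: 56,
    rect: { top: 0, width: 400, height: 56 } },
  { id: "wrapper", position: "absolute", overflowY: "scroll", scrollHeight: 5000,
    rect: { top: 56, width: 400, height: 744 } },
] };
const BENIGN_PAGE = { viewport: VIEWPORT, elements: [
  { id: "site-header", position: "fixed", overflowY: "visible", scrollHeight: 56,
    rect: { top: 0, width: 400, height: 56 } },
  { id: "code-box", position: "static", overflowY: "auto", scrollHeight: 900,
    rect: { top: 300, width: 380, height: 200 } },
] };

console.log(findScrollJail(SUSPICIOUS_PAGE));
console.log(findScrollJail(BENIGN_PAGE));
```

A match is a reason to look closer at a page, not proof of phishing; sticky headers over scrolling app shells produce the same geometry.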