
A very sophisticated trick for taking over Facebook accounts has appeared: you can lose your account in just a few seconds

With the rapid development of technology, online fraud is becoming increasingly sophisticated and difficult to detect.

According to Android Police, international security researchers recently discovered a new sophisticated form of fraud. By using a toolkit that allows creating fake Chrome browser windows, hackers can easily lure victims into traps.

The report from security researchers said that the fake window created with this tool has an extremely realistic design, and also comes with a series of familiar login options such as Facebook, Google, Microsoft, Apple, Twitter or even Steam.

Fake Dropbox login form offering multiple login options, such as an Apple or Google account.

When the button to log in with Google or Apple is clicked, a single sign-on (SSO) browser window is displayed, prompting you to enter your credentials and proceed with the account login.

These fake windows are stripped down to show only the login form and an address bar with the login form's URL.

To get users to trust this SSO window and fill in their credentials, a URL is displayed above the window frame.

According to security experts, the presence of this URL makes the form look more trustworthy and leaves the victim unsuspecting when entering their login information.

The emergence of these fake browser windows has led to a new form of attack called “Browser in the Browser (BitB)”. Attackers use ready-made templates to create fake Chrome pop-ups that are designed to look like the real thing, including a custom URL and title.

The interface of the fake Facebook login page (left) and the real login page from Facebook.

Basically, a BitB attack creates a fake browser window inside a real browser window (browser within browser), making the phishing more sophisticated. Users can easily lose their Facebook, Google, … accounts in an instant.

Even so, this attack method is not perfect: it is weak against password managers. Password managers such as LastPass will not automatically fill in the user's login data, because BitB does not display a real form.
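The following is an added example, not code from the article or from any password manager, showing why autofill is a useful tell against BitB. It assumes the manager looks up saved credentials by the origin the browser reports for the real page, never by the URL text a page paints in a fake address bar; the vault contents, function names and URLs are constructed for illustration.

```javascript
// Constructed sample vault: origins where the user really saved credentials.
const vault = new Map([
  ["https://www.facebook.com", { username: "alice@example.com" }],
  ["https://accounts.google.com", { username: "alice@example.com" }],
]);

// Return the origin (scheme + host + port) of an HTTPS URL, or null otherwise.
function originOf(url) {
  try {
    const u = new URL(url);
    return u.protocol === "https:" ? u.origin : null; // never fill over plain HTTP
  } catch {
    return null; // unparsable text is not an origin
  }
}

// documentUrl: the URL the browser itself reports for the top-level page.
// displayedUrl: whatever URL text the page draws inside its own content
// (for example in a simulated address bar). It is never used to pick credentials.
function autofillDecision(documentUrl, displayedUrl) {
  const real = originOf(documentUrl);
  const shown = originOf(displayedUrl);
  const entry = real ? vault.get(real) : undefined;
  return {
    fill: entry !== undefined,
    username: entry ? entry.username : null,
    // A painted URL that names a saved login origin while the real origin
    // is something else is the mismatch worth warning the user about.
    spoofSuspected: shown !== null && shown !== real && vault.has(shown),
  };
}

// Constructed cases: a genuine login page, a page that draws a Google SSO
// URL inside its own content, and a lookalike host that merely starts with
// the real host name.
const genuine = autofillDecision("https://www.facebook.com/login.php",
                                 "https://www.facebook.com/login.php");
const bitb = autofillDecision("https://phish.example/shared-file",
                              "https://accounts.google.com/o/oauth2/auth");
const lookalike = autofillDecision("https://accounts.google.com.login.example/",
                                   "https://accounts.google.com.login.example/");
console.log({ genuine, bitb, lookalike });
```

If the password manager stays silent on a login prompt where it normally offers to fill, treat that as a reason to stop and check the real address bar of the outer browser window.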

Also, to stay safe from BitB attacks, take a moment to think before opening any suspicious links attached in emails, messages, …

Source: Soha.vn, via Blogtuan.info
