Gone are the days when phishing attacks required some kind of vague technical defects to execute. Nowadays, an effective web program, coupled with a screen capture might be all that Hackers need. James Fisher should be credited for spotting a new approach being exploited by cyber-hackers to initiate phishing attacks in the mobile version of Chrome.
The hackers can now use the display of address bar in the Chrome app to their advantage. When a user scrolls down a page, the new exploit allows a fake address bar to be showed that will remain visible until the user heads over to another website. Additionally, the hackers can also deceive users by applying modifications that will not allow users to view the real address bar, even after they scroll up.
As of now, there’s no proof whether the exploit can launch phishing attacks on any other browsers too or just Chrome. However, there’s a fairly strong chance that other browsers are prone to this approach too.
The reason why it’s so easy to fall for this trap is that with this approach, a believable site can be created with content and other interactive elements. You can prevent yourself from being a target of this attack by carefully observing the starting address. However, it’s highly likely that many people will fail to notice the difference.
According to 9to5Google, there’s a trick to verify the real address bar. If a user locks and then unlocks their phone again while visiting a website, the unlocking will force the actual address bar to be displayed and based on that, they can plan their next step.
An official statement regarding the issue has yet to be issued by Google and its security team. It’s important that this exploit gets taken care of before other phishers start using and improving it.
Read next: Google Chrome is Working on Security Measures to Prevent Cookie Abuse
Featured Photo: BigTunaOnline / Shutterstock
The hackers can now use the display of address bar in the Chrome app to their advantage. When a user scrolls down a page, the new exploit allows a fake address bar to be showed that will remain visible until the user heads over to another website. Additionally, the hackers can also deceive users by applying modifications that will not allow users to view the real address bar, even after they scroll up.
As of now, there’s no proof whether the exploit can launch phishing attacks on any other browsers too or just Chrome. However, there’s a fairly strong chance that other browsers are prone to this approach too.
The reason why it’s so easy to fall for this trap is that with this approach, a believable site can be created with content and other interactive elements. You can prevent yourself from being a target of this attack by carefully observing the starting address. However, it’s highly likely that many people will fail to notice the difference.
According to 9to5Google, there’s a trick to verify the real address bar. If a user locks and then unlocks their phone again while visiting a website, the unlocking will force the actual address bar to be displayed and based on that, they can plan their next step.
An official statement regarding the issue has yet to be issued by Google and its security team. It’s important that this exploit gets taken care of before other phishers start using and improving it.
Read next: Google Chrome is Working on Security Measures to Prevent Cookie Abuse
Featured Photo: BigTunaOnline / Shutterstock
