Browser-in-the-Browser Attack Makes Phishing Nearly Invisible

by
janrinok
from SoylentNews on (#5XE3Y)

upstart writes:

Browser-in-the-Browser Attack Makes Phishing Nearly Invisible:

We've had it beaten into our brains: Before you go wily-nily clicking on a page, check the URL. First things first, the tried-and-usually-but-not-always-trueadvice goes, check that the site's URL shows "https," indicating that the site is secured with TLS/SSL encryption.

If only it were that easy to avoid phishing sites. In reality, URL reliability hasn't been absolute for a long time, given things like homograph attacks that swap in similar-looking characters in order to create new, identical-looking but malicious URLs, as well as DNS hijacking, in which Domain Name System (DNS) queries are subverted.

Now, there's one more way to trick targets into coughing up sensitive info, with a coding ruse that's invisible to the naked eye. The novel phishing technique, described last week by a penetration tester and security researcher who goes by the handle mr.d0x, is called a browser-in-the-browser (BitB) attack.

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments