Pop-ups: A new type of phishing that looks like pop-up login windows

It's pretty bad because it looks very similar to the browser's usual pop-up window. The window can even be styled to look like the browser windows of several popular operating systems (OS).

Where is the danger? If the victim does not know that this is a fake authentication window, he will enter his username and password into the authentication form it shows. In doing so, the hacker will obtain the victim's credentials and take over his account. Quite dangerous!

This phishing method was developed by a security researcher nicknamed Mr. oxidase. He calls it a browser-in-browser phishing attack (BITB) because it tries to trick users by displaying a fake browser window.

So how can we avoid this threat?

Avoid in-browser attacks

First, to avoid this attack, we need to be able to tell normal browser behavior from abnormal browser behavior. Examples are as follows.

How to spot phishing: movable pop-ups

As shown above, a genuine browser window can be moved out of the main browser window. However, the browser window displayed by the BITB attack cannot.

Phishing window cannot be moved out of the browser

It can be seen that the phishing window cannot be moved out of the browser. In fact, there will be some obvious oddities. For example, the title bar of the window will be cut off.

Use a password manager to avoid phishing

However, what happens when we open the window displayed by the BITB attack?
Even if the URL displayed in the window looks genuine (it is there to trick the user), the password manager will recognize that this is not the real website. Therefore, it does not offer the saved credentials.

Safe digital life

Typically, phishing exploits things that are urgent (such as the opportunity to get a COVID-19 vaccine, or a bank account that needs to be updated due to problems) and things that are currently popular. But the good thing is that we do not need to rush when taking any action in the digital world. This haste is one of the keys to hackers' success in acquiring new phishing victims.
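
The password manager check described under "Use a password manager to avoid phishing", as an added example that is not from the original article: a simplified model (not any real password manager's code) that matches saved logins against the origin the browser actually loaded. The vault entries, URLs and function names are constructed for illustration.

```javascript
// Constructed sample vault: each saved login is bound to one exact origin.
const vault = [
  { origin: "https://accounts.example.com", username: "alice" },
  { origin: "https://bank.example.org", username: "alice-bank" },
];

// Reduce a URL to scheme + host + port; null if it cannot be parsed.
function originOf(url) {
  try {
    const origin = new URL(url).origin;
    return origin === "null" ? null : origin;
  } catch {
    return null;
  }
}

// Only the URL the browser really loaded is consulted. Text drawn inside
// the page, such as a fake address bar, plays no part in the decision.
function credentialsFor(page, entries = vault) {
  const actual = originOf(page.loadedUrl);
  if (actual === null || !actual.startsWith("https://")) return [];
  return entries.filter((entry) => entry.origin === actual);
}

// True when a page shows a URL whose origin is not the page's own origin,
// which is the situation a BITB window creates.
function displayedUrlMismatch(page) {
  const shown = originOf(page.displayedUrlText);
  return shown !== null && shown !== originOf(page.loadedUrl);
}

// Constructed pages: a genuine login page and a page drawing a fake window.
const realLogin = {
  loadedUrl: "https://accounts.example.com/signin",
  displayedUrlText: null,
};
const fakeWindow = {
  loadedUrl: "https://login-portal.example.net/promo",
  displayedUrlText: "https://accounts.example.com/signin",
};

console.log("genuine page:", credentialsFor(realLogin).map((e) => e.username));
console.log("fake window:", credentialsFor(fakeWindow).map((e) => e.username));
console.log("displayed URL mismatch:", displayedUrlMismatch(fakeWindow));
```

An empty suggestion list on a page that appears to show a familiar login URL is the signal to stop and check the real address bar.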