Phishing is a form of internet fraud where you are lured to a fake website. Most of the time you can tell something is wrong from the URL, but not always. In fact, there is a new phishing trick that can spoof a window in your browser to simulate a legitimate domain. Without the weird URL.

This is an attack on the browser, called a browser attack, called BitB. An anonymous hacker using the alias mr.d0x recently posted a detailed report online about this new phishing technique.

Cheating is especially dangerous if you regularly log into multiple websites with a single account. Many websites offer the option to log in to that website, for example, via a Google, Microsoft or Facebook account. This looks safer and is also easy: you don’t have to create a new account every time. Usually a popup appears where you are logged into a Google Account or Facebook account.

It is these windows that are currently faked. They are barely distinguishable from legitimate login windows. The URL and login page don’t look bad, and you’ll see a lock in your browser’s search bar that you should expect you’re connected to a secure site. But nothing is less true.

These login windows are used in a BitB attack.

this is how you protect yourself

How do you avoid being a victim of such a BitB attack? As with many other spam and phishing tricks, logical thinking goes a long way. You can only fall into the trap of a BitB attack if you’ve ever visited a shady website. If you are on a legitimate website, a hacker cannot suddenly present you with a malicious login window.

That’s why it’s important to keep criticizing links you come across online or in your email. This prevents you from entering untrustworthy websites and thus falling into the BitB trap.

Password manager provides protection

There’s also the protection provided by password managers. You may fall into login windows that are almost entirely bogus, but your password manager won’t. You can’t really find a form on the fake login screen. Your password manager cannot enter login information for you. This is a sign that something is not right. That’s why a password vault is an extra layer of protection against the new phishing trick.

Don’t have a password manager yet? In another article, we tested 16 password managers for you and also gave you 7 tips for finding the best password manager.

Source: Computer Totaal

Previous articleScientists call for action: space debris is a growing threat
Next article‘I do not accept the charges’: Jhonier retracts Mauricio Leal murder


Please enter your comment!
Please enter your name here