
How to hack social media account | Phishing | Episode 6

How hackers can trick you and steal your account


Introduction

For security professionals, the URL is usually the most trusted aspect of a domain. Yes, attacks such as IDN homograph attacks and DNS hijacking may degrade the reliability of URLs, but not to an extent that makes URLs unreliable.

All of this eventually led me to think: Is it possible to make the “Check the URL” advice less reliable? After a week of brainstorming, I decided that the answer is yes.


Pop-Up Login Windows

Quite often, when we authenticate to a website via Google, Microsoft, Apple, etc., we’re provided with a pop-up window that asks us to authenticate. The image below shows the window that appears when someone attempts to log in to Canva using their Google account.



Replicating The Window

Fortunately for us, replicating the entire window design using basic HTML/CSS is quite simple. Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and the result is basically indistinguishable from the real window. The image below shows the fake window compared with the real window. Very few people would notice the slight differences between the two.

JavaScript can easily be used to make the window appear on a link or button click, on page load, and so on. And of course, the window can be made to appear in a visually appealing manner through animations available in libraries such as jQuery.
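
A detection heuristic for the fake window described above, as an added example that is not part of the original post: it flags a positioned container that displays URL-like text while framing a different host. The names `findSpoofedPopups`, `collectCandidates` and `SAMPLE`, and the sample data, are assumptions made for illustration.

```javascript
// Added example (not from the original post). A real sign-in pop-up is a separate
// browser window, so its address bar never exists in the page's DOM. A container
// that displays URL-like text while framing a different host is suspicious.
const URL_TEXT = /\bhttps?:\/\/([a-z0-9.-]+\.[a-z]{2,})/i;

function hostOf(url) {
  try {
    return new URL(url).hostname.toLowerCase();
  } catch {
    return null; // relative or malformed src: nothing to compare
  }
}

// candidates: [{ text, iframeSrc }] plain objects, so the logic runs outside a browser.
function findSpoofedPopups(candidates) {
  const findings = [];
  for (const c of candidates) {
    const shown = URL_TEXT.exec(c.text || "");
    const frameHost = hostOf(c.iframeSrc);
    if (!shown || !frameHost) continue;
    const shownHost = shown[1].toLowerCase();
    if (shownHost !== frameHost) findings.push({ shownHost, frameHost });
  }
  return findings;
}

// Browser-side collection (assumption: called from an extension content script
// or the developer console with the page's `document`).
function collectCandidates(doc) {
  const out = [];
  for (const frame of doc.querySelectorAll("iframe[src]")) {
    let el = frame.parentElement;
    const pos = (e) => doc.defaultView.getComputedStyle(e).position;
    while (el && !["fixed", "absolute"].includes(pos(el))) el = el.parentElement;
    if (el) out.push({ text: el.innerText, iframeSrc: frame.src });
  }
  return out;
}

// Constructed sample data, not captured from any real page.
const SAMPLE = [
  { text: "Sign in - Google Accounts https://accounts.google.com/o/oauth2/auth",
    iframeSrc: "https://login.example.net/page" },
  { text: "Watch the demo", iframeSrc: "https://player.example.org/embed/1" },
  { text: "Pay at https://pay.example.com", iframeSrc: "https://pay.example.com/checkout" },
];

console.log(findSpoofedPopups(SAMPLE));
```

This is a heuristic and will produce false positives on pages that legitimately print a URL next to an embedded frame. A quick manual check is to drag the sign-in window past the edge of the page: a genuine pop-up is its own browser window and can leave the parent window, while one drawn in HTML cannot.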







