Hackers have come with something new to beat the phishing experts too!
A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users.
Antoine Vincent Jebara, co-founder and CEO of password managing software Myki, shared a new video with The Hacker News, demonstrating how attackers can reproduce native iOS behavior, browser URL bar and tab switching animation effects of Safari in a very realistic manner on a web-page to present fake login pages, without actually opening or redirecting users to a new tab.
Unlike other phishing campaign this one is based on the concept of creating a fake and malicious web page which would create a feel of the browser window tricking even most smart users to believe its legit window. This new phishing attack fakes mobile browser animation and design.
“Although hackers would probably implement this campaign in a more realistic manner, in its current form, a majority of users would fall for this attack, as the details that give it away are relatively subtle, and more importantly, the user is shown specific ‘familiar’ actions that seem to turn off the part of the brain that doubts the legitimacy of the page.” Jebara said to Hacker News
How it works ?
- User visits a website which closely resembles the original site. Jebara’s investigation revealed a clone of the Airbnb website in the video above.
- They are now presented with a message to open from Facebook in order to access the site.
- A fake iOS login prompt appears asking the user to fill in his credentials to log into the site. After entering the credentials, the site notifies the user that his/her account has been compromised.
How to protect yourself against such phishing campaigns, we will coming soon with a post describing each and everything about phishing and how to identify such campaigns.
Stay Tuned with Us !!! Thank you 🙂