Google Chrome hit with new phishing scam that uses fake address bar to steal passwords and personal data

According to developer Jim Fisher, who posted about the exploit on his personal blog, hackers can use a mixture of coding and screenshots to trick victims into giving up their private data.

The scam, which Fisher calls the 'inception bar', targets users of Chrome for Android with a fake address bar that displays not only the name of a legitimate website but also an SSL badge - used to verify a site's authenticity - indicating that the page is safe.

When mobile users scroll using Google Chrome on Android, the address bar located at the top of the page automatically disappears.

Normally, when users scroll back up, the bar would reappear, but Fisher shows that he's found a way to trap users in a 'scroll jail.'

This is essentially a page within a page - hence the title, 'inception bar' - where even if a user attempts to scroll back up to the top of the page to access the address bar, they're forced back down, trapped in the phony page.

In a demonstration, Fisher is able to change the displayed URL of his own website to that of HSBC Bank.

This trick would be useful for scammers who attempt to camouflage a malicious web page as a legitimate one and steal important information from users, like passwords and credit card information.

Fisher says that, with some added coding, the scam could be made more sophisticated by making the fake bar interactive.

'With a little more effort, the page could detect which browser it’s in, and forge an inception bar for that browser,' said Fisher.

'With yet more effort, the inception bar could be made interactive. Even if the user isn’t fooled by the current page, you can get another try after the user enters 'gmail.com' in the inception bar!'

Google has worked to include a host of new features in the past few months intended to crack down on phishing scams.

It's not yet clear how users can shield themselves from the phishing scam, Fisher said. 
