There have been few times in which we have heard how dangerous phishing threats can be. Actually, launching an attack of these characteristics is not at all complicated, if the criminal has a basic knowledge of hacking .
It must also have some web codes and screenshots, which serve to impersonate the identity of an organism, entity or web service . It can be very simple if you put your mind to it, so you have to be very careful.
Especially because from the same Chrome browser , Google's, it is possible to perpetrate an attack of these characteristics. This is how the developer James Fisher has explained it, who has found a very simple exploit to use in Chrome through mobile devices. Hackers can relatively easily exploit this vulnerability and therefore carry out an attack with fatal consequences.
How simple is a phishing attack in Chrome
The alert was given by the developer James Fisher, who has been in charge of locating the exploit or the vulnerability. This takes advantage of the way the application displays the address bar . When the user scrolls down from the top of the page, the rogue system displays a fake address bar, which does not disappear until you visit a new site.
The attackers are so sibylline that they can even make the address bar disappear through a fraudulent page, so that when you scroll up, you will not see it in any case.
Chrome might not be the only browser affected
What Fisher, the researcher, has done is to show that Chrome can be a suitable vehicle for committing phishing scams. However, this is only a test and the truth is that this same strategy could be applied to other browsers , including different interactive elements.
It would not really matter the characteristics of the page. A phishing attack of this size could serve to emulate any page and, of course, try to scam users into falling for the threat without even realizing it.
Detecting that we are about to be scam meat is not easy and in fact, there are many - most - of users who can easily fall into the clutches of scammers.
The 9to5Google team has explained that there is a way to force the real address bar to be displayed in the browser, which is by locking and unlocking the phone again . Although it is not a 100% reliable test, if you suspect that something strange is happening, you can use this technique. It will always be better than falling into the trap.
Beware of phishing scams
Phishing scams are a reality, so it is important that you be clear about how to act to avoid these types of dangerous threats . So, we recommend the following:
- Don't open unsafe or unfamiliar emails
- If you see a suspicious link, don't click on it
- If they ask for confidential information, always check that the page URL begins with HTTPS. Most legitimate safe sites include this final 's'.
- If you receive a suspicious email, do a Google search on the sender's name. If the mail apparently comes from a body or entity, such as the Tax Agency or a bank, contact them directly or make the necessary inquiries to the Police.