Microsoft Advisory on Web Browser Phishing Trick Involving Overlapping Browser Windows

The Internet Patrol default featured image
Share the knowledge


Microsoft has this week issued an advisory on a new trick which phishers are playing with users’ web browsers, including Internet Explorer, although other web browsers can be manipulated as well. The trick involves the use of overlapping browser windows which are automatically opened by a site which the user visits.

The way that it works is this: you visit a website – unbeknownst to you a phisher’s website – and that site redirects you to a real, legitimate site. So let’s say that you get an email with a link to YourBank.com, but it’s really a link to ThatPhisher.com. However, ThatPhisher.com invisibly redirects you to the real YourBank.com website, so what you see is your bank’s real, legitimate website.

However, at the same time, as your browser hits and passes through ThatPhisher.com, ThatPhisher.com causes your browser to pop-up one or more new windows or dialogue boxes, which prompt you to enter personal information for YourBank.com (such as your account information or password). You have no reason to think that the information is being requested by anyone other than YourBank.com, because hey, you’re at the real YourBank.com website!

Says the Microsoft advisory, “If a particular window or dialog box does not have an address bar and does not have a lock icon that can be used to verify the site’s certificate, the user is not provided with enough information on which to base a valid trust decision about the window or dialog box.”

Good advice.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

What to do if you are presented with such a new window or dialogue box?

Close them, go to your main browser window, and manually type in the address of the real website (in this case YourBank.com). If the window or dialogue box pops up again, then it was likely legitimate. If it doesn’t, well, you’ve just saved yourself from being phish phood.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

One thought on “Microsoft Advisory on Web Browser Phishing Trick Involving Overlapping Browser Windows

  1. Opera is not affected by this phishing vulnerability: http://operawatch.blogspot.com/2005/06/opera-801-only-browser-of-major.html

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.