Microsoft has this week issued an advisory on a new trick which phishers are playing with users’ web browsers, including Internet Explorer, although other web browsers can be manipulated as well. The trick involves the use of overlapping browser windows which are automatically opened by a site which the user visits.
The way that it works is this: you visit a website – unbeknownst to you a phisher’s website – and that site redirects you to a real, legitimate site. So let’s say that you get an email with a link to YourBank.com, but it’s really a link to ThatPhisher.com. However, ThatPhisher.com invisibly redirects you to the real YourBank.com website, so what you see is your bank’s real, legitimate website.
|Get notified of new Internet Patrol articles for free!
|Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
However, at the same time, as your browser hits and passes through ThatPhisher.com, ThatPhisher.com causes your browser to pop-up one or more new windows or dialogue boxes, which prompt you to enter personal information for YourBank.com (such as your account information or password). You have no reason to think that the information is being requested by anyone other than YourBank.com, because hey, you’re at the real YourBank.com website!
Says the Microsoft advisory, “If a particular window or dialog box does not have an address bar and does not have a lock icon that can be used to verify the site’s certificate, the user is not provided with enough information on which to base a valid trust decision about the window or dialog box.”
What to do if you are presented with such a new window or dialogue box?
Close them, go to your main browser window, and manually type in the address of the real website (in this case YourBank.com). If the window or dialogue box pops up again, then it was likely legitimate. If it doesn’t, well, you’ve just saved yourself from being phish phood.
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!