Microsoft Advisory on Web Browser Phishing Trick Involving Overlapping Browser Windows


Microsoft has this week issued an advisory on a new trick which phishers are playing with users’ web browsers, including Internet Explorer, although other web browsers can be manipulated as well. The trick involves the use of overlapping browser windows which are automatically opened by a site which the user visits.

The way that it works is this: you visit a website – unbeknownst to you a phisher’s website – and that site redirects you to a real, legitimate site. So let’s say that you get an email with a link to YourBank.com, but it’s really a link to ThatPhisher.com. However, ThatPhisher.com invisibly redirects you to the real YourBank.com website, so what you see is your bank’s real, legitimate website.

However, at the same time, as your browser hits and passes through ThatPhisher.com, ThatPhisher.com causes your browser to pop up one or more new windows or dialogue boxes, which prompt you to enter personal information for YourBank.com (such as your account information or password). You have no reason to think that the information is being requested by anyone other than YourBank.com, because hey, you’re at the real YourBank.com website!

Says the Microsoft advisory, “If a particular window or dialog box does not have an address bar and does not have a lock icon that can be used to verify the site’s certificate, the user is not provided with enough information on which to base a valid trust decision about the window or dialog box.”

Good advice.

 

What to do if you are presented with such a new window or dialogue box?

Close them, go to your main browser window, and manually type in the address of the real website (in this case YourBank.com). If the window or dialogue box pops up again, then it was likely legitimate. If it doesn’t, well, you’ve just saved yourself from being phish phood.

  
1 Reply to “Microsoft Advisory on Web Browser Phishing Trick Involving Overlapping Browser Windows”

  1. Opera is not affected by this phishing vulnerability: http://operawatch.blogspot.com/2005/06/opera-801-only-browser-of-major.html
