Phishing through simulation of browser interface in pop-up window

disclosed Information about the phishing method, allowing you to create a user with an illusion of working with a legitimate form of authentication through the recreation of the interface Browser in the area displayed over the current window using IFRAME. If earlier attackers tried to deceive the user by registering the following by writing domains or manipulating the parameters to the URL, then using the HTML and CSS method, the elements repeating the browser interface are drawn at the top of the pop-up window, and including the title with the window control buttons and address string including address that does not match the actual content address.


Taking into account the fact that many popular services are displaying the user authorization form in a separate window, the generation of the fictitious browser interface can mislead even an experienced and attentive user. Researchers who paid attention to the problem is published a ready-made set of layouts simulating the Chrome interface in dark and light design topics for MacOS and Windows. The pop-up window is formed using IFRAME, displayed on top of the content. To give realistic with JavaScript, handlers are tied to move the fictitious window and click on the window control buttons.




/Media reports.