New type of phishing attack you may fall prey to easily!
By MYBRANDBOOK
Well when you are visiting a blog or e-commerce site are you sure the Site is a Legal?
If a website is asking for your credentials to get some discounts or confirming for certain service, do you know whether it is fake or real to log in?
By checking if the URL is correct?
By checking if the website is address and not a homograph?
By checking if the site is using HTTPS?
Or using software or browser extensions that detect phishing domains?
Like most Internet users, without relying on the above basic security practices to spot if that "Facebook.com" or "Google.com" you have been served with is fake or not, you may fall victim to a newly discovered creative phishing attack and end up in giving away your passwords to hackers.
Antoine Vincent Jebara, co-founder and CEO of password managing software, Myki currently reported on a news channel that his team recently spotted a new phishing attack campaign "that even the most vigilant users could fall for."
Vincent found that cybercriminals are distributing links to blogs and services that prompt visitors to first "login using Facebook account" to read an exclusive article or purchase a discounted product.
That’s fine. Login with Facebook or any other social media service is a safe method and is being used by a large number of websites to make it easier for visitors to sign up for a third-party service quickly.
Generally, when you click "log in with Facebook" button available on any website, you either get redirected to facebook.com or are served with facebook.com in a new pop-up browser window, asking you to enter your Facebook credentials to authenticate using OAuth and permitting the service to access your profile’s necessary information.
However, Vincent discovered that the malicious blogs and online services are serving users with a very realistic-looking fake Facebook login prompt after they click the login button which has been designed to capture users’ entered credentials, just like any phishing site.
The fake pop-up login prompt, actually created with HTML and JavaScript, are perfectly reproduced to look and feel exactly like a legitimate browser window - a status bar, navigation bar, shadows and URL to the Facebook website with green lock pad indicating a valid HTTPS.
Moreover, users can also interact with the fake browser window, drag it here-and-there or exit it in the same way any legitimate window acts.
The only way to protect yourself from this type of phishing attack, according to Vincent, "is to actually try to drag the prompt away from the window it is currently displayed in. If dragging it out fails (part of the popup disappears beyond the edge of the window), it's a definite sign that the popup is fake."
Besides this, it is always recommended to enable two-factor authentication with every possible service, preventing hackers from accessing your online accounts if they somehow manage to get your credentials.
Phishing schemes are still one of the most severe threats to users as well as companies, and hackers continue to try new and creative ways to trick you into providing them with your sensitive and financial details that they could later use to steal your money or hack into your online accounts.
Download masked Aadhaar to improve privacy
Download a masked Aadhaar from UIDAI to improve privacy. Select masking w...
Sterlite Technologies' Rs 145 crore claim against BSNL rejecte
An arbitrator has rejected broadband technology company Sterlite Technolog...
ID-REDACT® ensures full compliance with the DPDP Act for Indi
Data Safeguard India Pvt Ltd, a wholly-owned subsidiary of Data Safeguard ...
Happiest Minds brings in an innovative GenAI chatbot
Happiest Minds Technologies has announced the new GenAI chatbot - ‘hAPPI...
VERSA NETWORKS INDIA PVT. LTD.
POLYCAB INDIA PVT. LTD.
RELIANCE JIO INFOCOMM LTD.
SECUREYE SERVICES PVT. LTD.
Technology Icons Of India 2023: Anil Kumar Aggarwal
Anil Agarwal is an Indian billionaire businessman who is the founder a...
Technology Icons Of India 2023: Bhavish Aggarwal
Ola CEO Bhavish Aggarwal had formed Ola-India’s largest mobility pla...
Technology Icons Of India 2023: Sunil Gupta
Sunil Gupta is the Co-founder, Managing Partner & CEO of Yotta Infrast...
CERT-IN protecting the cyber security space of India
CERT-In serves in the area of cyber security threats like hacking and ...
C-DOT enabling India in indigenous design, development and production of telecom technologies
An autonomous telecom R&D centre of Government of India, Center of Dev...
NIC bridging the digital divide and supporting government in eGovernance
The National Informatics Centre (NIC) is an Indian government departme...
TECH DATA, A TD SYNNEX COMPANY
Tech Data Corporation was an American multinational distribution compa...
ACCERON INFOSOL PVT. LTD.
It is a leading value added distributor in the IT security space and h...
INGRAM MICRO INDIA PVT. LTD.
Ingram Micro India, a large national distributor offers a comprehensiv...