
Defense against sophisticated fraud

Posted by M H on April 29, 2022 - 3:34pm

A sophisticated scam catches even the experts. Surprisingly, you can defend yourself with a single mouse movement.

In recent months, a new type of fraud has spread across the internet. It takes advantage of the popularity of logging in to sites through other services such as Facebook or Google, and shows users fake login windows.
This variant of phishing often catches even very attentive users. One of the reasons is that libraries of ready-made copies of login dialogs have been created, which greatly simplify the attackers' work.

The new variant of phishing is called BitB (Browser in the Browser) and takes advantage of the popularity of third-party login dialogs. Users are used to being able to log in to an unfamiliar page using, for example, a "sign up with Microsoft" or "log in with Facebook" button. Usually this button opens a new window. In a BitB attack there is actually no new window, just a convincing imitation of one.

Browser in the Browser
The attacker creates a script that displays what appears to be a new browser login window. In fact, it is a graphic element inside the page that just looks like a login window. If the user enters their data there, the attacker can use it to steal their identity. If you fall for such an attack, the attacker gets your login name and password. As a result, the identity, profile or account at the web service in question is very likely to be misused.

This cunning attack is able to confuse even experienced users. The basic defense is surprisingly simple, at least when you know how to do it. It comes from the very name of the trick: "browser in the browser".

The fake login window exists only inside the web page. To verify that you are logging in through a real window, try shrinking the original browser window and dragging the new window outside its area.
If the window can be dragged outside, it is a real window. Note that it can still be fraudulent, just not in this particular way.
Unlike a real window, a fake one cannot be moved or enlarged beyond the area of the current page.

However, it is even better to have two-step authentication (two-step verification) turned on. A combination of name and password is then not enough to log in; you also need to verify yourself, for example with a code sent to your phone or with a special application. "Using a password manager is another option," advises Savchin of Avast. "The password manager offers to fill in login information only on sites that are considered safe."
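
The password-manager advice above can be modelled as an origin check: the fill decision depends on where the password field really lives, not on what the page draws. The following JavaScript is an added example, not code from Avast or any real password manager; the vault entries, field names and URLs are constructed for illustration.

```javascript
// Simplified model of the origin check behind password-manager autofill.
// All names and sample data below are constructed for illustration.
const vault = [
  { origin: "https://accounts.google.com", username: "alice@example.com" },
  { origin: "https://www.facebook.com", username: "alice" },
];

// Return the https origin of a URL string, or null if it is not a valid https URL.
function httpsOrigin(text) {
  if (typeof text !== "string") return null;
  try {
    const u = new URL(text);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null;
  }
}

// documentUrl:  URL of the document that really holds the password field,
//               as reported by the browser.
// drawnAddress: text the page itself paints in an imitation address bar
//               (page-controlled, so never used for the fill decision).
function autofillCandidates(form, entries) {
  const real = httpsOrigin(form.documentUrl);
  return real === null ? [] : entries.filter((e) => e.origin === real);
}

// Warning heuristic: the page shows an address for a site we hold a login for,
// but the password field lives in a document from a different origin.
function looksLikeBitB(form, entries) {
  const shown = httpsOrigin(form.drawnAddress);
  const real = httpsOrigin(form.documentUrl);
  return shown !== null && shown !== real && entries.some((e) => e.origin === shown);
}

const realPopup = { documentUrl: "https://accounts.google.com/signin", drawnAddress: null };
const fakeWindow = {
  documentUrl: "https://shop.example/checkout",
  drawnAddress: "https://accounts.google.com/signin",
};
const lookalike = { documentUrl: "https://accounts.google.com.login.example/", drawnAddress: null };

for (const [name, form] of Object.entries({ realPopup, fakeWindow, lookalike })) {
  const fills = autofillCandidates(form, vault).map((e) => e.username);
  console.log(name, "autofill:", fills, "BitB warning:", looksLikeBitB(form, vault));
}
```

A login form that a password manager declines to fill, on a site where it normally offers to, is itself a signal worth treating as suspicious.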

Wishing you safe browsing

Margaret


 

Bill Rippel Thanks for this info, Margaret. They will use any way possible to get your info.
April 30, 2022 at 7:24pm