{"id":419458,"date":"2022-03-21T22:11:44","date_gmt":"2022-03-21T19:11:44","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/this-chrome-phishing-kit-is-scary-as-hell-review-geek\/"},"modified":"2022-03-21T22:11:44","modified_gmt":"2022-03-21T19:11:44","slug":"this-chrome-phishing-kit-is-scary-as-hell-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/this-chrome-phishing-kit-is-scary-as-hell-review-geek\/","title":{"rendered":"#This Chrome Phishing Kit Is Scary as Hell \u2013 Review Geek"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CThis_Chrome_Phishing_Kit_Is_Scary_as_Hell_%E2%80%93_Review_Geek%E2%80%9D\"><\/span>&#8220;This Chrome Phishing Kit Is Scary as Hell \u2013 Review Geek&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div id=\"article-content-area\">\n<figure style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-111511\" data-pagespeed-lazy-srcset=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2022\/03\/d642f8c3.png?width=400 400w, https:\/\/www.reviewgeek.com\/p\/uploads\/2022\/03\/d642f8c3.png?width=1200 1200w\" sizes=\"auto, 400w, 1200w\" data-pagespeed-lazy-src=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2022\/03\/d642f8c3.png?width=1200\" alt=\"Google Chrome on a Mac.\" width=\"1920\" height=\"1080\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\">Google<\/span><\/figcaption><\/figure>\n<p>Tricking people into handing over their login credentials has never been easier. 
As shown in a new phishing toolkit,\u00a0Single Sign-On (SSO) pop-ups are incredibly easy to spoof in Chrome, and a login box\u2019s URL may not indicate whether a site is truly legitimate.<\/p>\n<p>You know how some websites let you log in using your Google, Apple, Facebook, or Amazon account? That\u2019s an SSO login\u2014it\u2019s a valuable time-saver, as it reduces the number of usernames and passwords that you need to remember.<\/p>\n<p>Here\u2019s the problem: hackers can perfectly replicate these SSO windows in Chrome, even down to the URL. A new <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/mrd0x.com\/browser-in-the-browser-phishing-attack\/\">phishing kit from mr.d0x<\/a>, a security researcher, includes a ready-made template that novice hackers or white hats can use to quickly build a convincing SSO pop-up. (Other templates may already be floating around within hacking circles.)<\/p>\n<figure style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-112883\" data-pagespeed-lazy-src=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2022\/03\/9b66b3c6.png\" alt=\"A real Facebook browser-in-browser login window next to a fake one. 
They look identical, even down to the URL.\" width=\"1920\" height=\"1080\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/mrd0x.com\/browser-in-the-browser-phishing-attack\/\">mr. d0x<\/a><\/span><\/figcaption><\/figure>\n<p>Hackers who utilize these fake SSO windows will stick them in all manner of websites. A hacker may send you an email about your Dropbox account, for example, and tell you to visit a certain link. This link could lead to a fake Dropbox webpage with SSO login options for Google, Apple, and Facebook. Any information you input in these fake SSO boxes, like your Google login, will be collected by the hacker.<\/p>\n<p>Of course, pirate video websites (and other sites offering \u201cfree\u201d stuff) may be the most common destination for these spoofed SSO windows. A hacker can build a pirate video website that requires an SSO login, for example, effectively forcing people to hand over their Google or Facebook credentials.<\/p>\n<p>To clarify, mr.d0x did not invent the SSO or browser-in-browser phishing exploit. Hackers began spoofing SSO login windows several years ago. This phishing kit simply shows how such exploits work. Additionally, corporations may use this kit to\u00a0test their employees\u2019 ability to spot phishing schemes.<\/p>\n<p>Avoiding a phishing attack can be difficult. I suggest that you start by installing a password manager, which can often <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/451177\/how-a-password-manager-protects-you-from-phishing\/\">detect phishing attempts<\/a> and will help you use unique login information for every website (which reduces any damage from a successful phishing attack). 
You should also avoid opening links in emails or text messages, even if they look serious or legitimate.<\/p>\n<p><small>Source: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/mrd0x.com\/browser-in-the-browser-phishing-attack\/\">mr.d0x<\/a> via <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-phishing-toolkit-lets-anyone-create-fake-chrome-browser-windows\/\">BleepingComputer<\/a><\/small>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.reviewgeek.com\/112878\/this-chrome-phishing-kit-is-scary-as-hell\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;This Chrome Phishing Kit Is Scary as Hell \u2013 Review Geek&#8221; Google Tricking people into handing over their login credentials has never been easier. 
As shown in a new phishing toolkit,\u00a0Single Sign-On (SSO) pop-ups are incredibly easy to spoof in Chrome, and a login box\u2019s URL may not indicate whether a site is truly legitimate&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":419459,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reviewgeek.com\/p\/uploads\/2022\/03\/d642f8c3.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-419458","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/419458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=419458"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/419458\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/419459"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=419458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=419458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=419458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}