There’s a New Realistic Phishing Campaign That Can Trick Everyone
- Researchers discover a hyper-realistic phishing campaign that has reproduced login prompts with unprecedented faithfulness.
- Even experienced users can step on the trap, as everything from the URL to the HTTPS look legit.
- The only dependable way to stay protected is to use a powerful password manager that can “see into the details”.
A new phishing campaign was discovered by researchers at Myki, which utilizes such well-made and realistic login forms that could trick even the most careful and knowledgeable users out there. Checking for the usual signs of something “phishy” going on won’t help the users identify the risk, as the URLs and HTTPS in the pop-up form look perfectly legit. The hackers have put a lot of work in their HTML block, reproduce everything with high fidelity, from the status and navigation bars to the content and even the interface shadows.
The phishing process starts with the victim visiting a malicious or simply compromised website. There, a login prompt pops up to supposedly allow the visitor to further access the website content. Everything on the prompt looks legit, so users can be easily tricked into thinking that they are entering their Facebook (or something else) credentials onto the website’s sign-in platform, but they are actually handing them over to the attacker. The only way to identify that the pop-up prompt is fake is by trying to drag it away from the window it’s displayed in. If that fails, it’s a fake one. The following demonstration video by the Myki researchers shows the phishing campaign in action.
As it becomes apparent, this phishing campaign can trick even the most vigilant users out there, as the prompt looks and feels like the real thing. This is also an indicator of what’s about to come in the near future, as phishing actors look for more polished and convincing methods to deceive people to enter their credentials in the fake forms. As these forms get more difficult to distinguish, using a password manager that checks the full URL of the form becomes a mandatory practice for those who want to stay safe.
If you’re looking for a good password manager that will help you mitigate phishing risks, check out our article on the top five password managers to stay safe and secure right now.
Do you have a phishing login prompt screenshot that you can share with us? Help our community stay safe by sharing in on our socials, on Facebook and Twitter. Also, don’t forget that you can help us spread the word and raise awareness of campaigns like this one by sharing our posts on social media.