www.itnews.com.au Open in urlscan Pro
203.176.102.69  Public Scan

Form analysis
1 forms found in the DOM

POST /news/phishers-devise-browser-in-the-browser-attacks-chameleon-landing-pages-577458

<form id="frm-login" action="/news/phishers-devise-browser-in-the-browser-attacks-chameleon-landing-pages-577458" method="post">
  <h3 class="section-header"><span>Log In</span></h3>
  <div id="login-form-register"><a href="/register">Don't have an account? Register now!</a></div>
  <div id="login-validation"></div>
  <div id="login-response"></div>
  <div class="form-label">Email:</div>
  <div class="form-input"><input id="username" name="username" type="text" required=""></div>
  <div class="form-label">Password:</div>
  <div class="form-input"><input id="password" name="password" type="password" required=""></div>
  <div class="row form-checkbox">
    <input id="rememberMe" name="rememberMe" type="checkbox"><label for="rememberMe">Remember me</label><span>&nbsp; | &nbsp;<a href="/forgot" title="Forgot your password?">Forgot your password?</a></span>
  </div>
</form>

Text Content

Latest News


COLES TO BUILD A ONE-STOP SUPPLIER PLATFORM ON SALESFORCE


ITALY SET TO CURB USE OF RUSSIAN ANTI-VIRUS SOFTWARE IN PUBLIC SECTOR


MICROSOFT FACES EU ANTITRUST COMPLAINT ABOUT ITS CLOUD COMPUTING BUSINESS


COURT ORDERS RE-VOTE IN THREE NSW COUNCILS AFTER IVOTE GLITCH


NSW GOV TARGETS SKY MUSTER SATELLITE USERS WITH $100M GIG STATE UPGRADE

 * Australia Edition

 * Asia Edition



LOG IN SUBSCRIBE  
Search
BUSINESS CLOUD DATA CENTRE
EDUCATION FINANCE HARDWARE
HEALTHCARE INDUSTRIAL NETWORKING
PROJECTS SOFTWARE STORAGE
STRATEGY TECHNOLOGY TELCO/ISP
EVENTS Insights MEDIA HUB
PARTNER CONTENT PARTNER HUBS PROMOTED CONTENT
REPORTS
 * NEWS
 * GOVERNMENT
 * SECURITY
 * RESOURCES
 * PODCAST
 * STATE OF IT
 * DIGITAL NATION
 * BENCHMARK AWARDS

NEWS

BUSINESS CLOUD DATA CENTRE EDUCATION FINANCE HARDWARE HEALTHCARE INDUSTRIAL
NETWORKING PROJECTS SOFTWARE STORAGE STRATEGY TECHNOLOGY TELCO/ISP
GOVERNMENT SECURITY RESOURCES

EVENTS Insights MEDIA HUB PARTNER CONTENT PARTNER HUBS PROMOTED CONTENT REPORTS
PODCAST STATE OF IT DIGITAL NATION BENCHMARK AWARDS
Australia Edition

Asia Edition



LOG IN

Email:

Password:

Remember me |  Forgot password?



Don't have an account? Register now!


PHISHERS DEVISE BROWSER-IN-THE-BROWSER ATTACKS, 'CHAMELEON' LANDING PAGES

By Juha Saarinen on Mar 17, 2022 6:49AM
Source: mr.d0x




NEXT-LEVEL TRICKERY MENACES USERS.

Phishers have come up with a new technique to trick users by simulating browser
windows with the browser itself in order to spoof legitimate domains, which is
hard for victims to detect.

A security researcher using the moniker mr.d0x has documented how phishers
create bogus pop-up windows for Google, Microsoft and Apple websites which look
almost exactly the same as the legitimate ones for authenticating users. 

It is difficult for users to work out that they're on fake sites, mr.d0x wrote.

"... once landed on the attacker-owned website, the user will be at ease as they
type their credentials away on what appears to be the legitimate website
(because the trustworthy URL says so)," mr.d0x wrote.





Meanwhile, security researchers at Trustwave Spiderlabs say some phishers have
started using landing pages that are automatically customised to look more
authentic.

Spiderlabs tested a phishing message with links that pointed to common email
providers such as Google Gmail and Microsoft's Outlook.com, and found that the
landing page elements changed accordingly.

The security researchers noticed that at least four elements were changed to
match the phishing links, using Javascript.

These include the page background, a blurred logo, the title tab and the
capltalised text of the domain, from the email provider, which all changed to
trick victims into thinking they were on an authentic site.

Spiderlabs said "chameleon" sites with customised page templates are often used
by malware authors, and also used to steal user credentials.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © iTnews.com.au . All rights reserved.
Tags:
bitbgmailmrd0xoutlookphishingsecurityspiderlabstrustwave



PARTNER CONTENT


Promoted Content Why your business's high-performance computing future may not
be in the cloud

Promoted Content What CISOs can learn from the Log4j cybersecurity panic

Promoted Content Service SA and Service Tas select Knosys knowledge management
solution

Promoted Content Where human meets digital


SPONSORED WHITEPAPERS


Don’t pay the ransom: A three-step guide to ransomware protection

A Guide to Cyber Security Threat Hunting

20 ways Automate solves IT and business problems

Magic Quadrant for Access Management

Fortinet Networking and Cybersecurity Adoption Index 2021


EVENTS

 * Join iTnews & National Tech for breakfast in Sydney
 * IoT Insights conference, Orange NSW: Digital Food & Agribusiness
 * IoT Impact Conference

By Juha Saarinen
Mar 17 2022
6:49AM
0 Comments





RELATED ARTICLES

 * Surprise Apple macOS and iOS updates fix a slew of vulnerabilities
 * BYOD registration abused in large-scale phishing campaign
 * Microsoft warns of large 'Upgrade' phishing campaign
 * Config error left 190 Australian organisations open to phishing attacks





MOST READ ARTICLES


ATO READIES MASSIVE IT OUTSOURCING RESET


OPTUS WANTS GOV RESPONSE TO OTTS 'FREE RIDING' ON TELCO NETWORKS


TABCORP TAKES TO GOOGLE-MADE FLUTTER


ANU TO GO PASSWORDLESS


Please enable JavaScript to view the comments powered by Disqus.


DIGITAL NATION


Metaverse hype will transition into new business models by mid decade: Gartner

The other ‘CTO’: The emerging role of the chief transformation officer

As NFTs gain traction, businesses start taking early bets

Case Study: PlayHQ leverages graph technologies for sports administration

COVER STORY: From cost control to customer fanatics, AI is transforming the
contact centre

Sponsored Links
 * What CISOs can learn from the Log4j cybersecurity panic
 * A Guide to Cyber Security Threat Hunting


MOST POPULAR TECH STORIES

 *  
   
   
   BOARDROOM IMPACT: CRITICAL INFRASTRUCTURE
   
   
   CAN DAHSNFT SOLVE A BIG PROBLEM WITH METAVERSES? — MOVING BETWEEN THEM
   
   
   COVER STORY: DATA SCIENTISTS EMPOWER DATA-DRIVEN BUSINESS LEADERSHIP
   
   
   PROCUREMENT SHOULD NOT BE USED AS INDUSTRY POLICY: GARTNER VP
   
   
   THE OTHER ‘CTO’: THE EMERGING ROLE OF THE CHIEF TRANSFORMATION OFFICER

 *  
   
   
   GOOGLE CLOUD NAMES ANGELA CORONICA NEW ANZ CHANNEL CHIEF
   
   
   SAP NAMES FIRST REGIONAL HEAD OF SUSTAINABILITY
   
   
   LONG-TIME MICROSOFT ANZ EXEC PHIL GOLDIE DEPARTS AFTER 12 YEARS
   
   
   CANON BUSINESS SERVICES ACQUIRES WA MICROSOFT PARTNER SATALYST
   
   
   AUSSIE TECHNOLOGY SPENDING TO REACH $111 BILLION IN 2022: GARTNER

 *  
   
   
   VENOM BLACKBOOK ZERO 15 PHANTOM
   
   
   FACEBOOK, LINKEDIN OR INSTAGRAM? SOCIAL MEDIA SUCCESS ISN’T ONE SIZE FITS ALL
   
   
   DIGITAL DYSTOPIA: YOUR REPUTATION IS ON THE LINE
   
   
   CREATING SUSTAINABLE HIGH-PERFORMANCE COMPUTING TO DRIVE THE DATA INDUSTRY
   FORWARD
   
   
   HOW LONG WILL A UPS KEEP YOUR COMPUTERS ON IF THE LIGHTS GO OUT?

 *  
   
   
   IOT IMPACT CONFERENCE
   
   
   IOT INSIGHTS CONFERENCE, ORANGE NSW: DIGITAL FOOD & AGRIBUSINESS
   
   
   IOT IMPACT MOVING TO JUNE 9
   
   
   2021 IOT AWARDS WINNERS ANNOUNCED
   
   
   JOHN HOLLAND USES IOT TO TRACK SPOIL REMOVAL FROM CONSTRUCTION SITES

Contact Us About Us Feedback Advertise Newsletter Archive Site Map RSS
  © 2022 nextmedia Pty Ltd.
OTHER TECH SITES: BIT  |  CRN Australia  |  IoT Hub
All rights reserved. This material may not be published, broadcast, rewritten or
redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy
and Terms & Conditions.
Powered By




Accept
By using our site you accept that we use and share cookies and similar
technologies to perform analytics and provide content and ads tailored to your
interests. By continuing to use our site, you consent to this. Please see our
Cookie Policy for more information.




 Close


LOG IN

Don't have an account? Register now!


Email:

Password:

Remember me  |  Forgot your password?
Log InCancel