Security expert mr.d0x showed on his website how phishing attacks could be further improved, this time aimed at logging in to websites through third-party authorities: for example Google, Facebook, GitHub, Twitter and other OAuth systems.
We all know the routine. You load the XYZ website and, instead of tediously creating an account, click the button to quickly log in through one of the above-mentioned ecosystems. Mr.d0x's approach relies on the fact that as soon as a login dialog from such an authority appears, we usually trust it implicitly.
This is what a legitimate ZeroTier login with your Google Account looks like.
With this technique, the attacker can bring up what looks like another, seemingly trusted browser window on top of the main page, complete with an address bar in which even the lock icon confirming a trusted domain lights up. You can scroll back and forth through the window, and the classic login form is displayed inside.
Yet it is all just the attacker's HTML code, including the form copied from the Google website. So as soon as anyone inadvertently fills in their login details, they are trapped.
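A defender-side heuristic for the trick described above, as an added example that is not from the original article or from mr.d0x: it flags a page that holds a password field while displaying, as plain page text, a URL of a login provider the page is not actually served from. The snapshot shape, the provider host list and the function names are assumptions; a browser extension would build the snapshot from the live DOM.

```javascript
// Heuristic (added example): a real OAuth pop-up is a separate window on the
// provider's origin. A fake one is markup inside the visited page, so the
// password field lives on a host that is not the one shown in the drawn bar.

// Assumed provider login hosts; extend for the providers you care about.
const IDP_HOSTS = ["accounts.google.com", "facebook.com", "github.com", "twitter.com"];

const sameSite = (host, idp) => host === idp || host.endsWith("." + idp);

// If an element's entire text is a single URL-like token, return its host.
function hostFromText(text) {
  const t = (text || "").trim();
  if (!t || /\s/.test(t)) return null;
  try {
    const url = new URL(/^[a-z][a-z0-9+.-]*:\/\//i.test(t) ? t : "https://" + t);
    return url.hostname.includes(".") ? url.hostname.toLowerCase() : null;
  } catch {
    return null; // not parseable as a URL
  }
}

// snapshot: { pageHost, elements: [{ tag, type, text }] } (hypothetical shape)
function detectFakeLoginWindow(snapshot) {
  const pageHost = snapshot.pageHost.toLowerCase();
  const hasPasswordField = snapshot.elements.some(
    (e) => e.tag === "input" && e.type === "password");
  const claimedHosts = new Set();
  for (const e of snapshot.elements) {
    if (e.tag === "a") continue; // ordinary links often show a URL as text
    const shown = hostFromText(e.text);
    const idp = shown && IDP_HOSTS.find((h) => sameSite(shown, h));
    // Provider URL displayed as page text while we are not on that provider.
    if (idp && !sameSite(pageHost, idp)) claimedHosts.add(shown);
  }
  return {
    suspicious: hasPasswordField && claimedHosts.size > 0,
    claimedHosts: [...claimedHosts],
  };
}

// Constructed sample: a page on an unrelated host drawing a provider URL.
const constructedPage = {
  pageHost: "login-portal.example",
  elements: [
    { tag: "span", text: "https://accounts.google.com/o/oauth2/auth" },
    { tag: "input", type: "password" },
  ],
};
console.log(detectFakeLoginWindow(constructedPage));
```

The check is a heuristic and can raise false positives on pages that legitimately print a provider URL next to their own login form, so treat a hit as a prompt to verify the real address bar rather than as proof.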
Phishing does not have to break the system: it does not have to attack any specific program or OS. What it attacks is our own psyche and inattention.
No wonder it is these more sophisticated phishing practices, the so-called spear phishing, that today open the door into the system by far the most often. We simply hand over the login names and passwords completely voluntarily, and only then does some real malware attack.