Whether you’re using Google Chrome on your cell phone or on your desktop, the primary tip to protect yourself from a phishing attack is to look closely at the URL. But apparently that’s not enough. British developer James Fisher found a flaw in the mobile version of the Google browser that recreates the URL field and allows the fake page to display exactly the same domain as that of your bank or favorite store. That’s the kind of trick that gets no applause, right?
Unfortunately, it does, even though Google is genuinely concerned with digital security. It works like this: basically, the scammer embeds a fixed image into the URL field after the user begins to scroll the page down.
This happens because, by default, Google Chrome Mobile removes the URL address bar from view when you scroll the page down. And that’s where the cybercriminals come onto the scene: they insert an image that exactly simulates the domain field of the official page that they plan to clone.
Upon detecting this new (and we must admit, spectacular) practice, Fisher simulated the fraud in his blog using the domain of the HSBC bank and gave it the name Inception Bar:
The Inception Bar. Could the inspiration for that name have come from the Leonardo DiCaprio film?
When you look at the page Fisher created as an example, the most interesting thing is that the image adapts itself to the device’s size, remaining exactly the same as the original URL address bar.
Because we’re dealing with a con that works by using an image, the most obvious tool for self-protection is to pay attention to the number of open tabs: in the example, the image shows the number 26.
But of course, you might have 26 tabs open (a lot, right?). In order to discover the con therefore, you need to drag the “URL field” itself down. Then the true URL will appear:
Voilà! When the screen is swiped down from the supposed “URL field,” the correct address appears.
If you swipe the page down from the text area, nothing happens and the HSBC remains in place; the page doesn’t really refresh, as would be expected. Fisher named this page development trick “scroll jail.” It shows how you could be browsing on a site that is actually simulating a different site.
Here at Axur we constantly monitor for phishing using automated collection of millions of URLs. So if you’re interested in having greater protection against these digital risks, it would be smart to find out about the Phishing solution.