Sneaky phishing method in modern browsers

Chrome, Firefox and most other modern browsers allow you to execute base64 encoded data via data:text/html. For example we could prepend „data:text/html,“ to a trustworthy URL like „trustme.com“ and instead of loading the displayed url we execute a bunch of other stuff encoded in our following script tag (yeah I know a programmer would not fall for it, but your parents will!)

{BASE64 ENCODED JS} can be replaced with any js. With some lines of code we can load anything we want and make the user believe he is browsing on trustme.com.

The whole code base64 encoded:

URL:

Add some spaces to the url and build a simple link so it doesn’t look suspicious and here we go:

Examples:

Removed some spaces from the snippet.

So many spaces, that the script isn’t even visible.

 

 

 

 

 

 

How can I prevent getting phished like this?

  1. Use password managers that preserve your login urls (keepass, 1password, etc.).
  2. Don’t click on stuff in E-Mails ;D
  3. Check the certificate in your browser.
  4. Never login on any site after you opened it out of an email.

More about this topic:

  1. Gist by timruffles
  2. @tomscott
 

Felix

 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.