this post was submitted on 24 Aug 2024
56 points (87.8% liked)

Privacy

31987 readers
496 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

you are viewing a single comment's thread
view the rest of the comments
[โ€“] ReversalHatchery@beehaw.org 3 points 2 months ago (1 children)

Does this rely on the user typing in their password, or does somehow even the browser fall for it and autofill it?

Because in that case, to respond to OP: Firefox is not vulnerable to this, but most users themselves are. Using a password manager like Bitwarden would help, because if you add the website's real URL to your password entey (happens automatically for the current URL at password entry creation), bitwarden will simply just not show your password entry when the URL does not match.

Also, install uBlock Origin and turn on it's phising blocklists in the settings. It can be helpful.

[โ€“] Godort@lemm.ee 1 points 2 months ago

An attack using this tool does require that the user actually logs in, but because they're just acting as a proxy for the real login page, the only way you'd spot the difference is if the URL doesn't match (or that your password manager doesn't auto-fill)

However, it's pretty easy to see that someone would be fooled by that as you'd expect to need to confirm your identity when adding a gift card to your steam account.