this post was submitted on 24 Aug 2024
56 points (87.8% liked)
Privacy
31987 readers
496 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Does this rely on the user typing in their password, or does somehow even the browser fall for it and autofill it?
Because in that case, to respond to OP: Firefox is not vulnerable to this, but most users themselves are. Using a password manager like Bitwarden would help, because if you add the website's real URL to your password entey (happens automatically for the current URL at password entry creation), bitwarden will simply just not show your password entry when the URL does not match.
Also, install uBlock Origin and turn on it's phising blocklists in the settings. It can be helpful.
An attack using this tool does require that the user actually logs in, but because they're just acting as a proxy for the real login page, the only way you'd spot the difference is if the URL doesn't match (or that your password manager doesn't auto-fill)
However, it's pretty easy to see that someone would be fooled by that as you'd expect to need to confirm your identity when adding a gift card to your steam account.