In the News
Is that website you are scrolling on legit? In Beware! Google Chrome address bar can reportedly be used to launch a phishing attack, Dalvin Brown at USA Today discusses a potential vulnerability in the Android browsing experience that would allow phishing attacks to steal personal information. Brown explains that once on a website, users are unable to continue seeing the address bar once they scroll farther down the page. Brown elaborates that this disappearing address bar can be used by malicious attackers to spoof users into thinking they are on a legitimate site, when they are actually targets of a phishing attack and at risk for any inputted information on the site being stolen. Brown identified a prevention method: “lock your phone and unlock it while on the webpage” which will force the true URL address to appear.
Our Take
Phishing attacks have the potential to do much damage. Some phishing attack vectors are easier to identify and prevent than others. Regardless, if you fall prey to a phishing attack, not only your personal information but also your financial information may become compromised. This can lead to detrimental financial damage and identity theft. In this instance, the tricky thing about Chrome Browsing on an Android is that you may not realize that your browsing on a harmful site because it appears just as a legitimate site would. Attackers hope that this result holds true. They rely upon users not taking the extra step of diligence in verifying their host site. Especially when you are on a website where you plan to input financial information or sensitive information, it is crucial to verify the legitimacy for the site…for your protection.
Recommendations
How can you protect the security and privacy of your accounts?
- Proceed with the same level of caution on your mobile devices as you would on a desktop
- Always verify the platform hosting your content
- Check your email, financial accounts, and credit reports regularly for abnormal activities
- Stay up to date on the news regarding recent fraud and phishing attacks to see if you may have been affected