Easy Browser Hack Allows Phishing Attacks

Major Internet services like Facebook, Twitter and Instagram expose their users to phishing attacks by using the target="_blank" HTML attribute in an insecure way.

Phishing Attacks Made Simple by Major Web Services

Security experts have identified that major web services such as Facebook, Instagram, and Twitter expose their users to phishing attacks by using unsafe code. The target="_blank" HTML attribute has repeatedly been used by criminals to launch spam phishing campaigns. By using links that employ this attribute, web developers give the newly opened page partial access to the linking page via the window.opener object.

The newly opened page can change the location of the linking page to a redirection page or a phishing site. JavaScript code can also be opened. Most web browsers assume that the user trusts the link, so they allow the unsafe behavior. An example attack was demonstrated on Facebook, where a malicious user crafted a fake viral page with meme images that have embedded links. Upon clicking the target link, the user is redirected to a phishing site that requests the user's Facebook account credentials.

The developers suggest an easy fix: all programmers simply need to add rel="noreferrer" to such links to mitigate this vulnerability.
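An added example, not from the article or the services it names: a dependency-free JavaScript audit that finds anchors with target="_blank" lacking a protective rel value and rewrites them. It goes slightly beyond the article's fix by also adding noopener (the rel token that nulls window.opener); the function names and sample markup are constructed for illustration, and the regex-based tag matching is an assumption that suits simple templates only.

```javascript
// Added example (not from the article): audit HTML for links that open a new
// tab without severing window.opener, and rewrite them with a protective rel.
// SAMPLE is constructed input; function names are hypothetical.
const ANCHOR_RE = /<a(?=[\s\/>])(?:"[^"]*"|'[^']*'|[^>"'])*>/gi;
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;

// Parse one opening <a ...> tag into a Map of lower-cased name -> raw value.
function parseAttrs(tag) {
  const attrs = new Map();
  for (const m of tag.slice(2, -1).matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    // Duplicate attributes: the first occurrence wins, as in browsers.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

// Unsafe: target is _blank (case-insensitive) and rel has neither token.
function isUnsafe(attrs) {
  if ((attrs.get("target") || "").trim().toLowerCase() !== "_blank") return false;
  const rel = (attrs.get("rel") || "").toLowerCase().split(/\s+/);
  return !rel.includes("noreferrer") && !rel.includes("noopener");
}

function findUnsafeLinks(html) {
  return (html.match(ANCHOR_RE) || []).filter((tag) => isUnsafe(parseAttrs(tag)));
}

// Rebuild only the unsafe tags, keeping existing rel tokens such as nofollow.
function hardenLinks(html) {
  return html.replace(ANCHOR_RE, (tag) => {
    const attrs = parseAttrs(tag);
    if (!isUnsafe(attrs)) return tag; // safe links stay byte-for-byte unchanged
    const rel = (attrs.get("rel") || "").split(/\s+/).filter(Boolean);
    attrs.set("rel", [...rel, "noopener", "noreferrer"].join(" "));
    const body = [...attrs].map(([k, v]) => `${k}="${v.replace(/"/g, "&quot;")}"`);
    return `<a ${body.join(" ")}>`;
  });
}

const SAMPLE = [ // constructed markup covering quoted, unquoted and safe cases
  '<a href="https://example.com/meme" target="_blank">meme</a>',
  "<a target=_BLANK rel='nofollow' href=/out>out</a>",
  '<a href="/safe" target="_blank" rel="noreferrer">safe</a>',
  '<a href="/same-tab">same tab</a>',
].join("\n");

console.log(findUnsafeLinks(SAMPLE)); // tags that need a fix
console.log(hardenLinks(SAMPLE));     // markup after the fix
```

Run as a pre-publish check, a non-empty result from findUnsafeLinks is the signal to block or rewrite user-supplied markup before it is served.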

Security expert Ben Halpern has discovered major web services such as Facebook, Twitter and Instagram are affected by the issue. Popular websites are also plagued by the problem.

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

