Major Internet services like Facebook, Twitter and Instagram expose their users to phishing attacks using the ‘ target=”_blank” ‘ HTML attribute in an insecure way.
Phishing Attacks Made Simple by Major Web Services
Security experts have identified that major web services such as Facebook, Instagram, and Twitter expose their users to phishing attacks by using unsafe code. The HTML target=”_blank” HTML attribute repeatedly been used by criminals in launching spam phishing campaigns. By using links that employ the code web developers give partial access to the linking page via the window.opener object.
The developers suggest an easy fix; all programmers simply need to add rel=”noreferrer” to mitigate this vulnerability.
Security expert Ben Halpern has discovered major web services such as Facebook, Twitter and Instagram are affected by the issue. Popular websites are also plagued by the problem.