Firefox, And Opera Vulnerable To Undetectable Phishing Attack

By   ISBuzz Team
Writer , Information Security Buzz | Apr 20, 2017 09:32 am PST

Browsers such as Chrome, Firefox, and Opera are vulnerable to a new variation of an older attack that allows phishers to register and pass fake domains as the websites of legitimate services, such as Apple, Google, eBay, and others. Itsik Mantin, Director of Security Research at Imperva commented below.

Itsik Mantin, Director of Security Research at Imperva:

Itsik Mantin“In this vulnerability an anti-phishing mechanism wasn’t implemented properly in some web browsers, and like in many other cases, improper implementation renders the mechanism ineffective, in this case exposing users to phishing attacks that are hard to identify. In most of the cases these scenarios end with account takeover, where the attacker obtains control of the user’s account.

In order to protect website users, forcing them to use strong passwords and to replace them frequently is insufficient, since in this case it would be completely ineffective to prevent the attack. Site administrators should assume that the credentials of some of their users were stolen (which in almost 100% of the cases will be true), and take adequate measures to identify account takeover, like irregular device, irregular geo-location or abnormal activity in the account.”

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x