Web developer Jack Shepherd is the one who made the interesting POC

Jun 4, 2013 01:31 GMT

Phishing attacks usually involve a fake webpage that replicates the legitimate site of the targeted company.

However, British web developer Jack Shepherd has developed a fake browser – by using only HTML, CSS and JavaScript – to demonstrate another type of phishing attack.

The attack starts with a link. When victims click it, what appears to be a genuine browser window opens. When the user navigates to Gmail, they are taken to a phishing website that seems to be hosted on gmail.com.

The browser made for demonstration purposes works best in Chrome running on OS X. However, Shepherd explains that an attacker could first identify the OS and the browser used by the victim, and launch a fake browser window that matches what they’re using.

In addition, cybercriminals can duplicate much more of the browser's functionality to make the bogus application look more realistic.

To try out the POC and to see the source code, visit Jack Shepherd’s website.