The phishing attacks were generated by a Python tool which produced custom webpages designed to mimic websites like online banking and social networking sites. The developer of the tool, Australian researcher Jamieson O’Reilly, said the attacks exploit users who are accustomed to remaining signed into web sites via session cookies. “The general user [finds] it normal to just open a browser and be already logged in which is where this vector takes advantage,” O’Reilly said.<\/p>\n","protected":false},"excerpt":{"rendered":"
The Python-based tool, dubbed TSURT (trust in reverse) uses the open source web scrapy framework Scrapy to pull user information like logos or avatars from a target site which are then embedded in the phishing page.<\/p>\n
In a video demonstration, the tool pulls down a Facebook account profile picture which is then placed inside a fake Facebook dashboard screen featuring a fake private message.<\/p>\n
If an attacker wants to do a targeted attack its not the hardest thing in the world to have access to basic creds like account number or BSB.” “If a victim saw this in a banking dashboard it would definitely raise less alarms alarms as opposed to usual phishing techniques which just rudely slap the user with a login page.”<\/p>\n
Link: http:\/\/www.scmagazine.com.au\/News\/331434,new-phishing-tool-mimics-logged-in-dashboards.aspx?utm_source=feed&utm_medium=rss&utm_campaign=SC+Magazine+All+Articles+feed<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2432","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2432","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2432"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2432\/revisions"}],"predecessor-version":[{"id":4919,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2432\/revisions\/4919"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2432"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}