Scammers have a new tool in their toolbox they have been using lately. They are using your own browser (Google Chrome, Microsoft Edge, Firefox and Safari) against you.
Living Off The Land
When scammers live off the land, they use the resources readily available to them on the victim’s computer against them. They usually use a system file in a way it wasn’t intended to be used. In this case, they are using a browser feature you use to surf the Internet. They are utilizing a feature of browsers to make the screen full size on your display. What this does is hides your address bar. And, when you can’t see the address bar, you can’t tell the site you are trying to log in to.
<Blank> In The Middle Attack
Browser In The Middle. That is the full name of this technique, which is usually shortened to BITM. What the ‘In the Middle’ part refers to is the part between the user and the website in this case, which is the browser. ‘In the Middle’ is used quite a bit in cybersecurity, most commonly in Adversary In The Middle, or AITM. Where the adversary is someone (the scammer) intercepting traffic between you and a website you are visiting. The scammer would be listening in on all the activity between you and the legitimate website, like your bank’s website. They listen as the traffic goes past them to the real site. They might intercept that traffic, or simply listen in and replay it later on, pretending to be you.
Address Bar
By making your screen full size, it hides your address bar, the menu bar and your bookmark bar. The Address bar displays the website address and the site’s security. When the browser is in full screen mode, it gives you an unhindered view of the website you are currently accessing. By hiding the address bar, you have no idea if you are on your banks website or some scammer site. We use the address bar a lot to make sure we are safe. If it isn’t there, we might not notice.
Browser Response
Different browsers respond differently to when a page goes full screen. Chrome and Firefox both display a warning with little information. Firefox, does display the website address, but it disappears quickly. Safari shows no information at all or warning message.
What It Looks Like
Say you get an email from your bank stating you need to log in now. You click the link in the email, which opens a new tab in your browser. Then, it goes full screen, and you can’t verify whether you are actually on your bank’s website or not. You might not know how to exit the full screen. By the way, it is holding ESC in Chrome, pressing F11 in Firefox, and pressing ESC in Safari.
How To Protect Yourself
- Always check your links before clicking on them
- Keep your browsers updated to avoid weaknesses like this. This may be fixed in a future update
- Pay attention whenever you click on a link. If you see something strange like, this, back away. Close the browser and start again paying special attention to the link you are clicking on.
- Use a known safe link to access any website, not from links in an email.
