Fake login pages are a rampant way of phishing login credentials from users. If a site appears legitimate, most people simply start entering their username and password without checking whether the URL is correct (or whether the site is genuine). To make matters worse, Jim Fisher has shown how straightforward it is for a website to display a fake address bar that makes you feel you are where you want to be when, in fact, you are not.

Normally, you can check the left of the address bar to tell whether a website is legitimate. Do not place too much faith in that small graphic, though, because phishers have worked out a way to make mobile web pages show fake URL bars in Google Chrome, complete with the padlock icon and a replacement URL. This "inception bar", as it is called, replaces the legitimate address bar in your browser. If you are not careful, you might assume your browser is functioning as it should.

The scam is possible because the Chrome mobile UI normally disappears as you swipe down a page, and website developers can override this behaviour and prevent the UI, including the URL bar, from reappearing.

Jim Fisher said, “This is bad, but it gets worse. Normally, when the user scrolls up, Chrome will re-display the true URL bar. But we can trick Chrome so that it never re-displays the true URL bar! Once Chrome hides the URL bar, we move the entire page content into a “scroll jail” – that is, a new element with overflow:scroll. Then the user thinks they’re in their own browser, but they’re actually in a browser within their browser.

“But it gets even worse! Even with the above “scroll jail”, the user should be able to scroll to the top of the jail, at which point Chrome will re-display the URL bar. But we can disable this behavior, too! We insert a very tall padding element at the top of the scroll jail. Then, if the user tries to scroll into the padding, we scroll them back down to the start of the content! It looks like a page refresh.”

Google is currently trying to fix this clever loophole, but there are still some ways to reveal these inception bars:

  1. You can make the Chrome app reveal its UI even if the website blocks it: simply lock your phone screen while Chrome is open. This resets the Chrome window and reveals the UI. If the URL bar is fake, you will see a double URL bar: the one on top is the legitimate one, the one below is the inception bar.
  2. Browsing with several tabs open? Watch the number shown in the tabs icon. Inception bars will often show the wrong number here.
  3. The new dark mode in Chrome for Android also makes inception bars easier to spot. With dark mode enabled, the URL bar and other UI elements appear black, so a fake white bar stands out; the reverse holds if you use the regular light Chrome theme and the fake bar is black. The same applies to reader mode, simplified UI modes, or other Chrome mobile themes that change how the URL bar looks.
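Beyond the three manual checks above, an analyst triaging a suspected page can look for the "scroll jail" structure that Fisher's quote describes: a viewport-filling element with overflow:scroll whose first child is a tall, empty spacer. The following is an added example, not code from the article or from Fisher's demo; the 0.9 viewport tolerance and the "spacer at least one viewport tall" rule are assumed heuristics, and the element descriptors are constructed so it runs outside a browser (`collectFromDocument` builds the same descriptors from a live DOM when one exists).

```javascript
// Flag scroll containers that look like a scroll jail: they scroll,
// they cover the viewport (so the user scrolls them, not the document),
// and their first child is a tall block with no text (the padding that
// hides the jump back to the top of the real page).
function findScrollJails(elements, viewportHeight) {
  const suspects = [];
  for (const el of elements) {
    const scrolls = el.overflowY === 'scroll' || el.overflowY === 'auto';
    // Assumed tolerance: 90% of the viewport still counts as "fills it".
    const fillsViewport = el.clientHeight >= viewportHeight * 0.9;
    // Assumed threshold: a spacer at least one viewport tall with no text.
    const tallSpacer =
      el.firstChildHeight >= viewportHeight && el.firstChildTextLength === 0;
    if (scrolls && fillsViewport && tallSpacer) {
      suspects.push({ selector: el.selector, spacerHeight: el.firstChildHeight });
    }
  }
  return suspects;
}

// Hypothetical helper for use in a browser console: turns every element
// into the descriptor shape above. Returns [] under Node (no `document`).
function collectFromDocument() {
  if (typeof document === 'undefined') return [];
  return Array.from(document.querySelectorAll('*')).map((el) => {
    const first = el.firstElementChild;
    return {
      selector: el.tagName.toLowerCase() + (el.id ? '#' + el.id : ''),
      overflowY: getComputedStyle(el).overflowY,
      clientHeight: el.clientHeight,
      firstChildHeight: first ? first.offsetHeight : 0,
      firstChildTextLength: first ? first.textContent.trim().length : 0,
    };
  });
}

// Constructed sample: one jail-like scroller (viewport-sized, 2000px empty
// spacer first) and one ordinary sidebar scroller with real content.
const sampleElements = [
  { selector: 'div#jail', overflowY: 'scroll', clientHeight: 780,
    firstChildHeight: 2000, firstChildTextLength: 0 },
  { selector: 'nav#sidebar', overflowY: 'auto', clientHeight: 300,
    firstChildHeight: 40, firstChildTextLength: 12 },
];

// In a browser: findScrollJails(collectFromDocument(), window.innerHeight)
console.log(findScrollJails(sampleElements, 800));
```

A hit is a reason to look closer, not proof: long-scrolling legitimate layouts can match the same shape, so confirm with the lock-screen check before calling a page a phish.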