Phishing attacks come in many forms, such as URLs created to look similar to authentic websites, or emails that are seemingly legit. However, researcher James Fisher says he has discovered a new Chrome exploit that could let hackers create a very real-looking, but fake, address bar.
What this means is that the fake address bar could be used to display the URL of a website, such as your bank, while the actual page belongs to someone else who might be trying to phish for your login credentials. As you can see in the screenshot above, the actual website in question belongs to Fisher, but the address bar displays HSBC’s URL.
Now this fake address bar kind of goes away when you scroll up, but it seems that with a few tweaks, the attacker can make it so that the real address bar never reappears, thus giving you the impression that the website you’re browsing is legit. At the moment Google has yet to comment on the exploit, and for the most part this only seems to affect those who use Chrome on mobile.
According to 9to5Google, one way to double-check if the website you’re visiting is legit is by locking and unlocking your phone again to force the real address bar to show. It’s a bit inconvenient, but we suppose it’s a whole sight better than having your credentials stolen.