It turns out that halfway clever phishing attacks really, really work

So the real challenge for a phisher is to be able to craft a fake web page that will trick your auto fill password manager. Maybe like the computer generated images that look nothing like a bird or whatever except to another computer.

the bottom line is never open an attachment unless you were waiting for it to arrive
J

They would basically need to be able to spoof the domain, as that seems to be how it works…or exploit the URL parser. There was a bug about this last year, but it was patched within 24 hours of discovery. I know that there are already some pretty clever other autofill hacks though, like this one that takes more info than it seems to be taking, though most of the more popular managers have protections against this sort of thing.

This topic was automatically closed after 5 days. New replies are no longer allowed.