Navigating the web is getting more difficult every day.
Strange iPhone Passcode Pop-up: Scam or Legit?
Most websites these days offer multiple options to create an account. You can either register on the website or use the single sign-on (SSO) mechanism to log in to the website with your existing accounts with reputable companies such as Google, Facebook or Apple. A cybersecurity researcher has capitalized on this and devised a new mechanism to steal your credentials by creating a virtually undetectable fake SSO login window.
"The growing popularity of SSO offers many advantages to [people]," Scott Higgins, Director of Engineering at Dispersive Holdings, Inc., told Lifewire via email. "However, clever hackers are now taking advantage of this avenue in ingenious ways."
Traditionally, attackers have used tactics such as homograph attacks, where some of the letters in the original URL are replaced with similar-looking characters, creating new, hard-to-recognize malicious URLs and fake login pages.
