A new phishing technique has popped up, and it is known as the inception bar. A developer, Jim Fisher, recently identified this phishing method and outlined in his blog how easy it is for websites to trap users behind a fake web address bar, making them think they are on the ‘desired’ page when in reality they are not.
In his blog post, Jim Fisher explained how easy it is for websites to trap users with an inception bar. The proof he provided is as follows:
The above screengrab makes it appear that Jim Fisher opened the hsbc.com website when in reality he did not. Instead, he hosted the page on jameshfisher.com. Surprised, aren’t you? Well, don’t be, as Jim Fisher has also provided a solution through which one can differentiate between an actual address bar and an inception bar.
How to protect yourself from the inception bar technique?
When you open a website from Google on your mobile, an inception bar will trap you into believing that you are on the correct and authentic page. To protect yourself from this phishing method, you can follow these steps:
- Even if a website blocks it, force the Chrome app on your mobile to display its user interface (UI). To do this, lock your phone screen while keeping the Chrome app open, then unlock your device. This resets the Chrome app window so that it displays the UI. If a URL is bogus, you will see 2 URL bars: the one on top is the right URL, while the one at the bottom is an inception bar.
- More often than not, inception bars display an inaccurate number of open tabs. Therefore, if you are browsing with plenty of tabs open, watch the number displayed in the tabs icon.
- One of the key features in Chrome for Android is the new dark mode, which makes it easier for users to notice inception bars. The UI elements and the URL bar turn black when dark mode is enabled, which makes it easier to spot a white URL bar, which will be bogus. You can also switch back to normal mode to spot a fake URL bar if the image was created against a dark background. In addition, users can enable reader mode or change background themes to identify any suspicious UI element.