
Teach a person to fish, and they can feed themselves; teach a hacker to phish, and they can trap the unwary. Okay, it's a poor metaphor built on the old text, but phishing remains one of the most dangerous forms of cyberattack and one of the most lucrative. Unfortunately, the bad actors never rest and have recently launched a sophisticated new attack that can snare even seasoned and prepared veterans.

According to an article in The Hacker News, this new attack builds off the common practice of giving online users the option of accessing special deals or content by using their email or logging in through their Facebook account. When a potential victim takes the “bait” in the form of logging in using their FB credentials, the trap is sprung.

Using a combination of JavaScript and HTML, the phishing attack launches an identical replica of the familiar FB popup login dialog prompt. It is convincing. You can move it around the desktop; you can interact with it. It has all the expected components of the typical login prompt. Ingenious and diabolical.

Antoine Vincent Jebara, co-founder of the password manager Myki, said he and his team recently spotted the phishing attack. One way to determine that it is a fake login prompt is to try to move the prompt outside the window in which it is displayed, onto the desktop for example. The portion of the prompt that leaves the window will disappear.
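Because the fake dialog is ordinary HTML and JavaScript inside the phishing page, its real document URL is the hosting page's, whatever the dialog itself displays. The following added example (not code from Myki or The Hacker News) shows the origin check a credential-filling tool could apply; the function names, the `displayedUrl` field and every URL in it are assumptions constructed for illustration.

```javascript
// Added example: compare the real document URL with the site a credential
// was saved for. All URLs below are constructed sample values.

// True only when pageUrl is HTTPS and its hostname is savedHost or a subdomain.
function originMatches(pageUrl, savedHost) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch (e) {
    return false; // unparsable URL: never treat as a match
  }
  if (url.protocol !== 'https:') return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, ''); // drop trailing dot
  const saved = savedHost.toLowerCase();
  return host === saved || host.endsWith('.' + saved);
}

// prompt.documentUrl: URL of the document that actually contains the form.
// prompt.displayedUrl: hypothetical field holding the address the dialog shows.
function assessLoginPrompt(prompt, savedHost) {
  if (originMatches(prompt.documentUrl, savedHost)) return 'fill';
  // The dialog claims to be the saved site but is hosted somewhere else.
  return originMatches(prompt.displayedUrl, savedHost) ? 'block-spoofed' : 'no-match';
}

// Constructed sample prompts.
const SAMPLES = {
  genuine: {
    documentUrl: 'https://www.facebook.com/login.php',
    displayedUrl: 'https://www.facebook.com/login.php',
  },
  inPageFake: {
    documentUrl: 'https://deals.example.net/offer',
    displayedUrl: 'https://www.facebook.com/login.php',
  },
  lookalikeHost: {
    documentUrl: 'https://facebook.com.example.net/login',
    displayedUrl: 'https://facebook.com.example.net/login',
  },
};

for (const [name, prompt] of Object.entries(SAMPLES)) {
  console.log(name, '->', assessLoginPrompt(prompt, 'facebook.com'));
}
```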

You can observe the appearance and behavior of the fake prompt in this video.

It is always wise to take precautions before clicking on a link that you aren’t 100% sure is legit. As a reminder, always be sure to:

· Check the URL for accuracy and odd naming conventions.
· Look for incorrect grammar, including sentence structure and wording.
· If it is a secure site, be sure the URL uses https in its address.
· Install, update, and use a malicious site detection tool.
· Trust your instincts. If it seems phony or the request is for financial or sensitive personal info, go directly to the site and log in.

You might also consider avoiding the use of Facebook to log in. That happens to be the author’s practice. FB seems to have enough issues without me exposing my account to every Johnny-come-lately site that wants me to log in via FB.

If you have a situation where you need the top secured communication solution for transmitting data, both business and personal, swing by CRIP.TO and catch up on our best in class, end-to-end, encryption solutions. From personal communications to factory floor data encryption, our unique hardware and software combination might be the answer to your needs.

In the meantime, exercise caution, as always, when responding to online and email enticements. You never know when some phisher is out there, waiting to set the hook.

