How do you check if a website asking for your credentials is fake or legit to log in?
By checking if the URL is correct?
By checking if the website address is not a homograph?
By checking if the site is using HTTPS?
Or using software or browser extensions that detect phishing domains?
Well, if you, like most Internet users, are also relying on above basic security practices to spot if that “Facebook.com” or “Google.com” you have been served with is fake or not, you may still fall victim to a newly discovered creative phishing attack and end up in giving away your passwords to hackers.
Antoine Vincent Jebara, co-founder and CEO of password managing software Myki, told The Hacker News that his team recently spotted a new phishing attack campaign “that even the most vigilant users could fall for.”