Fake EV certificate was NOT used in Steam trade phishing attacks

Closer inspection reveals that the Steam login page is also a spoof form, and it is not actually being displayed in a new browser window at all — it is being shown in an interactive, movable iframe that behaves like a window, allowing the fraudster to dress the “window” up however he likes. The tell-tale feature to look out for here is that the fake window cannot be maximized or moved beyond the boundaries of the spoof trading website.

Attractive phishing domains 😎

Attractive phishing sites

We need better education

--

--

--

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Are You Properly Testing Your Web Application Security?

The economics of (personal) data

How Do You Start Ethical Hacking?

Dvision Network releases the LAND NFT Staking Service!

InfoSecSherpa’s News Roundup for Sunday, May 8, 2022

Oil Refinery. Image by SatyaPrem from Pixabay.

Are you ready to be cloud native and secure?

Tryhackme:CC: Pen Testing(PART-1)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Paul Walsh

Paul Walsh

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.

More from Medium

Flash Player has been discontinued for almost a year, so what exactly are you updating?

The Exponential fear of log4j

Manually Updating GVM

Supply Chain Cyber Attacks Don’t Mean Stop Patching Software