If you believe phishing is over, reconsider. With fingerprint authentication, security keys, and strong tech like FIDO2, it seems like hackers should be out of luck. But here's the thing: they're still finding a way in.
I know—it sounds crazy. But it's true.
"Phishing-Proof" Is Not "Hack-Proof"
First, let's understand that phishing-resistant does not mean trick-proof; it only means harder to fool. And hackers are very smart. You may not believe it, but instead of stealing your password, they trick you into logging in for them.
Here is the Trick: Man-in-the-Middle Attacks
Hackers make imitation sites that are perfect copies of the originals: your bank, your e-mail, it could be anything. Then:
- You unknowingly go to the imitation site.
- You enter your login details or your security key.
- The hacker passes this on to the real site behind the scenes.
- You log in and everything is normal to you.
- But the hacker steals your session cookie (that's what keeps you logged in).
Who Gets Hit?
You may think, "No one cares about my stuff." These attacks target:
- Company employees
- Government workers
- Average people with valuable accounts
- Anyone who is online can become a target.
What Can You Do To Help Yourself?
There is no silver bullet, but here's what really works:
- Use security keys that authenticate the website's address (origin checks)
- Enable other features such as token binding if you can
- Check website URLs—are they legitimate?
- Avoid clicking on login links in messages or emails
- Browser add-ons will also warn you if something's wrong.
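What the "origin checks" in the first item look like on the website's side, as an added example that is not from the original post: the browser records the address it actually loaded and the security key hashes the site ID it was asked about, so a login done on a look-alike address does not match what the real site expects. The domains, function names and sample data are assumptions constructed for illustration, and the code assumes the signature over these fields has already been verified.

```python
import base64, hashlib, hmac, json

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion_context(client_data_json, auth_data,
                            expected_origin, rp_id, expected_challenge):
    """Return a list of failures; an empty list means the origin-bound fields match."""
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("wrong type")
    got = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(expected_challenge).encode()):
        failures.append("challenge mismatch")
    # The browser, not the page, writes the origin it actually loaded.
    if client.get("origin") != expected_origin:
        failures.append("origin mismatch")
    if len(auth_data) < 37:  # rpIdHash(32) + flags(1) + signCount(4)
        return failures + ["authenticator data too short"]
    # The authenticator hashes the RP ID the browser resolved for that origin.
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(rp_id.encode()).digest()):
        failures.append("rpIdHash mismatch")
    if not auth_data[32] & 0x01:  # bit 0 = user present
        failures.append("user not present")
    return failures

def constructed_sample(origin, rp_id, challenge):
    """Constructed stand-in for what a browser and authenticator would emit."""
    client_data = json.dumps({"type": "webauthn.get", "origin": origin,
                              "challenge": b64url(challenge)}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return client_data, auth_data

# Assumed values for the demo (reserved example domains).
ORIGIN, RP_ID = "https://login.example.com", "example.com"
LOOKALIKE_ORIGIN, LOOKALIKE_RP_ID = "https://login.example.net", "example.net"
CHALLENGE = bytes(range(16))  # a real server issues a fresh random challenge per login

def demo():
    real = check_assertion_context(*constructed_sample(ORIGIN, RP_ID, CHALLENGE),
                                   ORIGIN, RP_ID, CHALLENGE)
    relayed = check_assertion_context(
        *constructed_sample(LOOKALIKE_ORIGIN, LOOKALIKE_RP_ID, CHALLENGE),
        ORIGIN, RP_ID, CHALLENGE)
    return real, relayed

if __name__ == "__main__":
    print(demo())
```

These checks cover the login step only; the session cookie issued afterwards still needs its own protection, which is where the token binding item above comes in.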