by strogonoff 2199 days ago
While I don’t welcome hiding full URLs at all and won’t use any browser that doesn’t allow turning that off easily, this matter is more or less orthogonal to phishing.

If a domain-owning organization fails to prevent a third party from hosting a phishing site under a path or a subdomain, that third party is likely well-positioned to deface the existing pages. With a subtle alteration (scripts that capture credentials and transmit them out), the existing pages grant an attacker all of the users with no extra effort—as opposed to distributing a link to a fake page, convincing the user that the page is legit, and in the end getting a fraction of the user base.