by thaumasiotes 1686 days ago
> If the request is made by the attacker domain instead and proxied to you, then it doesn't have your cookies to display the private identification.

Why is that a concern? You try to log in on a phishing site. The phishing site tries to log in as you at your bank's actual website. Your bank sends the phishing site your picture. The phishing site displays your picture to you.

1 comments

The bank can and will use quite sophisticated request flow analysis to prevent one party from making too many attempts, so this means an attacker must grab a botnet or similar and be careful to avoid detection.
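The two comments above describe a login flow and a countermeasure: a phishing site that proxies the victim's username and password to the real bank obtains the personalised image after a successful login, cookie or no cookie, while the bank's per-source request analysis limits how many accounts one proxy can push through. The toy model below is an added example written for this page, not code from either commenter or from any bank; the account records, the device cookies, the IP addresses and the "more than N distinct accounts from one source" heuristic are all constructed assumptions chosen to make the two points visible.

```python
from collections import defaultdict

# Constructed sample data (not real accounts): username -> password, device cookie, image.
ACCOUNTS = {
    "alice": {"password": "correct horse", "cookie": "dev-a1", "image": "red-bicycle.png"},
    "bob":   {"password": "battery staple", "cookie": "dev-b7", "image": "blue-teapot.png"},
    "carol": {"password": "xkcd936",        "cookie": "dev-c3", "image": "green-lamp.png"},
}


class Bank:
    """Toy model of a SiteKey-style login with a per-source request-flow check.

    The flow check is an assumed heuristic: one source IP attempting logins for
    more than max_accounts_per_source distinct accounts is treated as a proxy.
    """

    def __init__(self, max_accounts_per_source=2):
        self.max_accounts_per_source = max_accounts_per_source
        self.accounts_seen = defaultdict(set)  # source IP -> usernames attempted from it
        self.blocked = set()

    def _flow_ok(self, source_ip, username):
        self.accounts_seen[source_ip].add(username)
        if len(self.accounts_seen[source_ip]) > self.max_accounts_per_source:
            self.blocked.add(source_ip)
        return source_ip not in self.blocked

    def image_for_device(self, username, cookie, source_ip):
        """Pre-password step: the image is shown only to a device with the right cookie."""
        if not self._flow_ok(source_ip, username):
            return None
        acct = ACCOUNTS.get(username)
        if acct and acct["cookie"] == cookie:
            return acct["image"]
        return None  # unknown device: the bank withholds the image before the password

    def login(self, username, password, source_ip):
        """Full login: a correct password yields the logged-in page, which carries the image."""
        if not self._flow_ok(source_ip, username):
            return {"ok": False, "reason": "blocked"}
        acct = ACCOUNTS.get(username)
        if acct is None or acct["password"] != password:
            return {"ok": False, "reason": "bad credentials"}
        return {"ok": True, "image": acct["image"]}


class PhishingProxy:
    """The attacker's site: it holds no victim cookies, so it forwards what the victim types."""

    def __init__(self, bank, source_ip):
        self.bank = bank
        self.source_ip = source_ip
        self.captured = []  # credentials harvested so far

    def victim_submits(self, username, password):
        # The cookie-gated step yields nothing to the proxy (no device cookie) ...
        pre_image = self.bank.image_for_device(username, cookie=None, source_ip=self.source_ip)
        # ... but the password the victim just typed logs the proxy in for real,
        # and the image comes back on the logged-in page, ready to relay to the victim.
        resp = self.bank.login(username, password, self.source_ip)
        if resp["ok"]:
            self.captured.append((username, password))
            return resp["image"]
        return pre_image  # None: the bank gave the proxy nothing to show


def run_attack(victims, proxy_ips):
    """Spread victims round-robin over proxy IPs; return images shown and IPs blocked."""
    bank = Bank(max_accounts_per_source=2)
    proxies = {ip: PhishingProxy(bank, ip) for ip in proxy_ips}
    shown = {}
    for i, (username, password) in enumerate(victims):
        proxy = proxies[proxy_ips[i % len(proxy_ips)]]
        shown[username] = proxy.victim_submits(username, password)
    return shown, sorted(bank.blocked)


if __name__ == "__main__":
    victims = [(u, ACCOUNTS[u]["password"]) for u in ("alice", "bob", "carol")]
    # One proxy IP: the third victim trips the per-source threshold and sees no image.
    print(run_attack(victims, ["10.0.0.1"]))
    # Three proxy IPs (a small botnet): every victim sees their own picture.
    print(run_attack(victims, ["10.0.0.1", "10.0.0.2", "10.0.0.3"]))
```

With a single proxy IP the first two victims are shown their genuine image despite the cookie check, which is the point of the first comment; the third trips the source threshold, which is the point of the second, and spreading the same victims across three IPs evades it. A real bank's flow analysis is far richer than a distinct-account counter, but the shape of the trade-off is the same.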