
Unique phishing method using fullscreen API - EGreg
https://medium.com/@409h/unique-phishing-method-to-look-out-for-the-fullscreen-api-e6cd08a6293a
======
EGreg
Many years ago, I wrote an email to Steve Jobs saying that apps can easily
spoof the MacOS password dialog. The solution is to show people a specific
phrase they pre-chose in the OS, displayed in the textbox when they put their
cursor in the textbox, and cause a delay (and maybe colorful animation) so
they may stop if the phrase doesn’t match.

With websites you can do the same to prevent clickjacking, or an alert if
there is no textbox.

