Hacker News new | past | comments | ask | show | jobs | submit login

To some extent.. Yes.

The attacker can replace the current page with his own phising page.

Of course, the hostname part of the url would change, but the user is unlikely to notice that.




Case in point: People still fall for things like `facebook.com.totallynotaphishingsite.com'


It's a huge difference between clicking on a random facebook.com.totallynotphishing.com link, and being on the legitimate facebook.com and having that tab automatically go to a phishing site while you're not looking.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: