{"id":3922,"date":"2026-04-01T00:00:00","date_gmt":"2026-03-31T22:00:00","guid":{"rendered":"https:\/\/certitude.consulting\/blog\/?p=3922"},"modified":"2026-04-10T10:59:22","modified_gmt":"2026-04-10T08:59:22","slug":"it-sicherheit-de-reports-on-the-discovery-of-a-new-phishing-method","status":"publish","type":"post","link":"https:\/\/certitude.consulting\/blog\/en\/it-sicherheit-de-reports-on-the-discovery-of-a-new-phishing-method\/","title":{"rendered":"it-sicherheit.de Reports on the Discovery of a New Phishing Method"},"content":{"rendered":"\n<p>Our recently published finding on a new phishing method has also been picked up by it-sicherheit.de. Cyber security specialists at Certitude have identified how attackers can exploit the browser\u2019s fullscreen functionality unnoticed and potentially bypass phishing protection mechanisms. This enables the display of manipulated Windows login screens.<\/p>\n\n\n\n<p>A detailed example of a possible attack scenario can be found at the following link<br><a href=\"https:\/\/www.golem.de\/news\/kein-patch-verfuegbar-forscher-demonstrieren-windows-passwortklau-ueber-den-browser-2603-206956.html\"><\/a><a href=\"https:\/\/it-sicherheit.de\/news\/neuartige-phishing-methode-mit-vollbild-hijacking-entdeckt\/\">Phishing method using fullscreen hijacking discovered<\/a><\/p>\n\n\n\n<p>The underlying analysis with a detailed attack scenario can be found in our research blog:<br><a href=\"https:\/\/certitude.consulting\/blog\/en\/abusing-modern-browser-features-for-phishing\/\"><\/a><a href=\"https:\/\/certitude.consulting\/blog\/en\/abusing-modern-browser-features-for-phishing\/\">Abusing Modern Browser Features for Phishing \u2013 Certitude Blog<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"303\" height=\"1024\" src=\"https:\/\/certitude.consulting\/blog\/wp-content\/uploads\/2026\/04\/10-04-2026_10-28-08-2-303x1024.png\" alt=\"\" class=\"wp-image-3943\" srcset=\"https:\/\/certitude.consulting\/blog\/wp-content\/uploads\/2026\/04\/10-04-2026_10-28-08-2-303x1024.png 303w, https:\/\/certitude.consulting\/blog\/wp-content\/uploads\/2026\/04\/10-04-2026_10-28-08-2-89x300.png 89w, https:\/\/certitude.consulting\/blog\/wp-content\/uploads\/2026\/04\/10-04-2026_10-28-08-2-768x2593.png 768w, https:\/\/certitude.consulting\/blog\/wp-content\/uploads\/2026\/04\/10-04-2026_10-28-08-2-455x1536.png 455w, https:\/\/certitude.consulting\/blog\/wp-content\/uploads\/2026\/04\/10-04-2026_10-28-08-2-scaled.png 758w\" sizes=\"auto, (max-width: 303px) 100vw, 303px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Our recently published finding on a new phishing method has also been picked up by it-sicherheit.de. Cyber security specialists at Certitude have identified how attackers can exploit the browser\u2019s fullscreen functionality unnoticed and potentially bypass phishing protection mechanisms. This enables the display of manipulated Windows login screens. A detailed example of a possible attack scenario [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":3913,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,128],"tags":[782,440,784],"class_list":["post-3922","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-expertise","category-press","tag-hijacking","tag-phishing-en","tag-windows-password"],"_links":{"self":[{"href":"https:\/\/certitude.consulting\/blog\/wp-json\/wp\/v2\/posts\/3922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certitude.consulting\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certitude.consulting\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certitude.consulting\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/certitude.consulting\/blog\/wp-json\/wp\/v2\/comments?post=3922"}],"version-history":[{"count":6,"href":"https:\/\/certitude.consulting\/blog\/wp-json\/wp\/v2\/posts\/3922\/revisions"}],"predecessor-version":[{"id":3944,"href":"https:\/\/certitude.consulting\/blog\/wp-json\/wp\/v2\/posts\/3922\/revisions\/3944"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certitude.consulting\/blog\/wp-json\/wp\/v2\/media\/3913"}],"wp:attachment":[{"href":"https:\/\/certitude.consulting\/blog\/wp-json\/wp\/v2\/media?parent=3922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certitude.consulting\/blog\/wp-json\/wp\/v2\/categories?post=3922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certitude.consulting\/blog\/wp-json\/wp\/v2\/tags?post=3922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}