Cybercriminal adoption of browser fingerprinting

2024-04-05 05:00

Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns.

While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers for nearly 15 years, it is now also commonly exploited by cybercriminals: a recent study shows one in four phishing sites using some form of this technique.

Browser fingerprinting uses a variety of client-side checks to establish browser identities, which can then be used to detect bots or other undesirable web traffic.

Browser fingerprinting is used by many legitimate providers to detect bots misusing their services and other suspicious activity, but phishing site authors have also realized its benefits and are using the technique to avoid automated systems that might flag their website as phishing.

Below is an example of one of the browser fingerprinting checks implemented on a phishing site.

Browser fingerprinting is very effective at identifying these automated systems, allowing site authors to alter their site content based on the results.

News URL

https://www.helpnetsecurity.com/2024/04/05/browser-fingerprinting/

#browser #cybercriminal