• Godort@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    2 months ago

    An attack using this tool does require that the user actually logs in, but because they’re just acting as a proxy for the real login page, the only way you’d spot the difference is if the URL doesn’t match (or that your password manager doesn’t auto-fill)

    However, it’s pretty easy to see that someone would be fooled by that as you’d expect to need to confirm your identity when adding a gift card to your steam account.