1

I received a mail from a friend who I was playing together in a multiplayer game. And it had a link to phishing page which would ask to login to view the file that the sent me. And my antivirus found it as a threat. I inspected the page it is a perfect template for phishing scam.

hxxp://www.katiavale.com.br/fujitsu/note/index.html

I want know when I am logged inside Gmail and if I click a link is there some way to access Gmail session data containing my authentication details using JavaScript even if I didn't do anything other than click on the link.

Mark Buffalo
  • 22,508
  • 8
  • 74
  • 91
Sachin Divakar
  • 113
  • 4
  • 3
    Please do not post malicious links. This page can be blocked by a more advanced proxy; furthermore other users could click on it; and you also do not want to give it SEO points in backreferences in google. – Rui F Ribeiro Jan 19 '16 at 14:08
  • 3
    @RuiFRibeiro: While you are fundamentally true, I've already edited the post to make the link not clickable by codifying it so no one will inadvertently click on it nor will it have any SEO side-effect. However, keeping the whole URL is necessary for the understanding of the question (how can one advise the OP without checking the actual page?). For more information on the ways to handle malicious URLs in posts, you can check meta threads [here](http://meta.security.stackexchange.com/q/1733/32746) and [there](http://meta.security.stackexchange.com/q/1211/32746). – WhiteWinterWolf Jan 19 '16 at 14:19
  • 1
    @RuiFRibeiro I did not think of other users submiting their credentials .Since before my link I have said that its a phishing suspected link . – Sachin Divakar Jan 19 '16 at 20:41

1 Answers1

5

According to VirusTotal, Sophos anti-virus seems to be the only one yet to consider this page as malicious. However, as you correctly analyzed it, this page is a blatant phishing attempt.

Your browser would normally not let a page, even a malicious one, get any information of what is going on in the other tabs. The only exception is when a page delivers some malware which will either exploit a browser vulnerability or install itself in your computer (well beyond browser's control reach).

Here, at a first glance this page's goal doesn't seem to infect you with any malware but just to collect you credential for various systems. So, as long as you did not filled any of its fake authentication forms, then I consider you should be safe.

WhiteWinterWolf
  • 19,142
  • 4
  • 59
  • 107