Chrome on Android: Phishing attackers can now trick you with fake address bar

[silversurfer]

Why display the URL bar on a mobile device when you can give users more screen space by hiding it?

Google Chrome for Android does just that after a page has loaded, concealing information about the URL and expanding the screen space available to display content from the web page. 

The feature is handy for users, but developer James Fisher is drawing attention to the possibility that phishing attackers can abuse it to catch users off guard when browsing. 
As he demonstrates in a blogpost hosted on his website, the content can be made to convincingly look as if it were hosted on the website of UK banking giant HSBC, with the green HTTPS 'secure' padlock and all.

A phishing attacker would be relying on the chance that users aren't paying attention after clicking a link in a message and scroll down, at which point Chrome on Android hides the URL bar and gives that space to the web page. Chrome on iOS, which is based on Apple's WebKit, continues to display the original URL bar. 

SOURCE: https://www.zdnet.com/article/chrome-on-...dress-bar/

[Deep900]

Phishing developers can surely have advantages to trick the users. It can happen that a site is missed by browser filters and if this happen is good to not put information on forms and click on every button to avoid to be phished. Also is very good to add most famous sites in our bookmarks to avoid to visit fake versions of legit websites.