This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

change the screen appearance if developer tools have been used to alter web content

j4232l
New member
‎08-15-2022 09:16 PM
Status: New idea

I wish to request a change in product functionality to make it harder for phone scammers to steal money from people.

Common sense would have it that you should never login to online banking when somebody is remotely accessing your computer, but a lot of scams rely on people doing this (as seen on YouTube):  you get a robocall, and if you choose to speak to a live agent, they request remote access to your computer.  Then they tell you to login to online banking to get a "refund" but they alter the webpage to make it look like they "accidentally" refunded an excessively large amount of money to your bank account.  Then they try to get you to pay the "excess" amount "back" to them.

This scam relies on the "feature" of some remote assistance software to blank the screen for local users while the scammer uses the developer tools to alter the content of online banking web pages to show fake transactions, etc.  Ideally, Mozilla Firefox should be able to detect if somebody is using remote control software to view the user's screen.

If a remote user (such as somebody using AnyDesk, GotoAssist, TeamViewer, or LogMeInRescue) accesses the developer tools to alter the appearance of a web page, there should be a prominent blinking warning that the content may have been altered. Only a person locally accessing the computer should be able to suppress the warning, and the warning should not be able to be suppressed at all if the person is accessing an online banking site unless they're accessing it from an IP address registered to the bank.

Detection of online banking sites may be done by downloading a list of legitimate banking sites from financial regulation authorities, such as the FDIC.  Not sure how one would programmatically detect whether the computer is being remote controlled, but if this is not technically feasible, then just put the prominent blinking warning anytime somebody uses the developer menu to alter the appearance of a web page.  To suppress the warning, you can produce a separate "developer edition" of Firefox (not to be confused with beta or alpha testing builds - but rather, simply a version where the "developer tools" don't display a warning.) (Or, in the alternative, an actual web developer can edit the HTML or Javascript in an external text editor and load the page from a file instead of the live website.)

Comment
6 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager
‎08-16-2022 06:25 AM
‎08-16-2022 06:25 AM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Honza
Employee
Employee
‎08-24-2022 02:04 AM
‎08-24-2022 02:04 AM

This is an interesting idea and yes, it's frustrating to see how DevTools can be used by scammers.

We've been solving similar problem with automation testing where remote clients can operate the browser and perform automated tests. We are showing visual clue when the remote connection (aka remote agent) is active. Perhaps we could use similar thing in this case.

Could you please report a bug here, so this isn't forgotten and it's part of our bug tracker and backlog. Here is a link pointing to the right Bugzilla component: https://bugzilla.mozilla.org/enter_bug.cgi?product=DevTools&component=General

Thank you!

 

 

zlee12
New member
‎11-08-2022 01:35 PM
‎11-08-2022 01:35 PM

Having HTML EDITED Dont Trust Your Screen Warning would make harder to execTech Help Banking Scams !

https://www.youtube.com/results?search_query=html+edit+bank+scam

Having A Warning whenever HTML was edited from the browser would make the life of tech bank HTML editor refund scammers much harder!

jscher2000
Leader
‎11-08-2022 08:27 PM
‎11-08-2022 08:27 PM

That would be very helpful. Pages often change after the initial load, for example, when you scroll down or mouse over an element, so the feature would need to be very targeted. For example, maybe Firefox should highlight elements changed by hand through the developer tools?

zlee12
New member
‎11-09-2022 08:00 AM
‎11-09-2022 08:00 AM

Exa

@jscher2000 wrote:

That would be very helpful. Pages often change after the initial load, for example, when you scroll down or mouse over an element, so the feature would need to be very targeted. For example, maybe Firefox should highlight elements changed by hand through the developer tools?

@jscher2000 wrote:

That would be very helpful. Pages often change after the initial load, for example, when you scroll down or mouse over an element, so the feature would need to be very targeted. For example, maybe Firefox should highlight elements changed by hand through the developer tools?

Exactly, These scammers are using Devtools to edit your banking data, so You think You need to refund money to them.
Aramis557
New member
‎02-14-2023 03:41 PM
‎02-14-2023 03:41 PM

Totally agree with this improvement. Lately  using Firefox I'm not able to access my bank account but  using Android or MS Edge works perfect. Don't know if this was the result of of an update but makes me to avid Firefox for online banking

Copyright © 2024 Khoros, LLC