Scammers are using dev tools to manipulate values in pages to trick unsuspecting victims into sending them money. These victims are typically the elderly. 😢
They connect to their victim's machines via remote desktop software under the guise of tech support or some other well known company.
The scammer then attempts to convince the victim they have received a larger than expected "refund" by manipulating the victim's bank user interface via chrome dev tools with the goal of getting the victim to mail them cash.
See it in action
Try to mutate the protected selected in the JS console
document.querySelector('#protected').innerText = 'ah ah ah didnt say the magic word'
No soup for you!
Here is a larger protected div. They are also guarded
Here is a quick video on how the scammers operate.
Please share this with people you think might be vulnerable to such a scam ❤️
How does this work?
Additionally, guarded DOM nodes are checked via a "hearbeat" every `500ms` to ensure the values are what they should be.
View the source code.