Stop scammers from the manipulating DOM. See demo
Scammers are using dev tools to manipulate values in pages to trick unsuspecting victims into sending them money. These victims are typically the elderly. ๐ข
They connect to their victim's machines via remote desktop software under the guise of tech support or some other well known company.
The scammer then attempts to convince the victim they have received a larger than expected "refund" by manipulating the victim's bank user interface via chrome dev tools with the goal of getting the victim to mail them cash.
See this video for how the refund scams work.
DOMGuard is a small javascript library (~130 lines of code) & proof of concept to help put an end to these criminals.
Any changes attempted via Javascript are detected by MutationObserver.
Additionally, guarded DOM nodes are checked via a "hearbeat" every 500ms
to ensure the values are what they should be.
View the source code.
npm install dom-guard
import DOMGuard from 'dom-guard'
const guard = new DOMGuard({
selector: '#protected', // DOM Selector to protect
heartbeat: 1000 // Check for manipulation every 1 second
})
// Initialize DOMGuard on the #protected selector
guard.init()
// Turn off guard
guard.disable()
npm install
npm run build
npm run serve
Please note, there isn't a foolproof solution for stopping social engineering attacks against your users.
Please educate your users on the dangers of these scams & add 2FA etc into your apps.