DavidWells / dom-guard

πŸ” Lock DOM node contents to protect people against scammers using browser devtools

Home Page:https://dom-guard.netlify.app

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

DOM Guard

Stop scammers from the manipulating DOM. See demo

About

Scammers are using dev tools to manipulate values in pages to trick unsuspecting victims into sending them money. These victims are typically the elderly. 😒

They connect to their victim's machines via remote desktop software under the guise of tech support or some other well known company.

The scammer then attempts to convince the victim they have received a larger than expected "refund" by manipulating the victim's bank user interface via chrome dev tools with the goal of getting the victim to mail them cash.

See this video for how the refund scams work.

DOMGuard is a small javascript library (~130 lines of code) & proof of concept to help put an end to these criminals.

How does this work?

Any changes attempted via Javascript are detected by MutationObserver.

Additionally, guarded DOM nodes are checked via a "hearbeat" every 500ms to ensure the values are what they should be.

View the source code.

Install

npm install dom-guard

Usage

import DOMGuard from 'dom-guard'

const guard = new DOMGuard({
  selector: '#protected', // DOM Selector to protect
  heartbeat: 1000 // Check for manipulation every 1 second
})

// Initialize DOMGuard on the #protected selector
guard.init()

// Turn off guard
guard.disable()

Running the demo

npm install
npm run build
npm run serve

Caveats

Please note, there isn't a foolproof solution for stopping social engineering attacks against your users.

Please educate your users on the dangers of these scams & add 2FA etc into your apps.

About

πŸ” Lock DOM node contents to protect people against scammers using browser devtools

https://dom-guard.netlify.app


Languages

Language:HTML 60.2%Language:JavaScript 39.8%