Failure Pattern
Malicious pages overlay or frame legitimate login forms to steal credentials or tokens, which means browser sandboxing has failed.
User Impact
Users type into what “looks like” the real site while actually feeding a malicious layer.
Underlying Causes
Weak cross-origin frame enforcement
Pixel-perfect overlays bypassing visual cues
No cryptographic identity validation for UI layers
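The first cause above, weak cross-origin frame enforcement, can be audited by reading a response's anti-framing headers the way a browser applies them. This is an added example, not code from the original page or from DTL; it relies on the standard CSP `frame-ancestors` and `X-Frame-Options` headers, and the function names and sample responses are constructed for illustration.

```javascript
// Added example: decide whether a response's headers actually stop cross-origin framing.
// Collect the frame-ancestors source list of every enforced CSP policy.
function frameAncestorsLists(headers) {
  const lists = [];
  for (const [name, value] of headers) {
    // Report-Only policies are not enforced, so they never block framing.
    if (name.toLowerCase() !== 'content-security-policy') continue;
    for (const policy of value.split(',')) { // one header can carry several policies
      const seen = new Set();
      for (const directive of policy.split(';')) {
        const [dname, ...sources] = directive.trim().split(/\s+/);
        const key = dname.toLowerCase();
        if (!key || seen.has(key)) continue; // first occurrence of a directive wins
        seen.add(key);
        if (key === 'frame-ancestors') lists.push(sources.map((s) => s.toLowerCase()));
      }
    }
  }
  return lists;
}

function framingVerdict(headers) {
  const lists = frameAncestorsLists(headers);
  if (lists.length > 0) {
    // All enforced policies must admit the ancestor, so one restrictive list suffices.
    const open = (l) => l.some((s) => s === '*' || /^https?:(\/\/\*)?$/.test(s));
    const restricted = lists.some((l) => !open(l));
    return { protected: restricted, via: 'csp-frame-ancestors',
      note: restricted ? 'X-Frame-Options is ignored once frame-ancestors is enforced'
        : 'frame-ancestors admits any origin' };
  }
  const xfo = headers.filter(([n]) => n.toLowerCase() === 'x-frame-options')
    .flatMap(([, v]) => v.split(',')).map((v) => v.trim().toLowerCase());
  if (xfo.some((v) => v === 'deny' || v === 'sameorigin')) {
    return { protected: true, via: 'x-frame-options', note: 'legacy header only' };
  }
  return { protected: false, via: 'none',
    note: xfo.length ? 'unrecognised X-Frame-Options value, browsers ignore it'
      : 'no enforced anti-framing header' };
}

// Constructed sample responses (not captured traffic); hostnames are placeholders.
const SAMPLES = {
  reportOnly: [['Content-Security-Policy-Report-Only', "frame-ancestors 'none'"]],
  allowFrom: [['X-Frame-Options', 'ALLOW-FROM https://partner.example']],
  cspOverridesXfo: [['X-Frame-Options', 'DENY'],
    ['Content-Security-Policy', "default-src 'self'; frame-ancestors *"]],
  strict: [['Content-Security-Policy', "frame-ancestors 'self' https://sso.example"]],
};
for (const [k, h] of Object.entries(SAMPLES)) console.log(k, framingVerdict(h));
```

Only the `strict` sample is reported as protected: the other three look defended at a glance but leave the login page frameable by any origin.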
Trust-Native Resolution
DTL-enforced browsers refuse to display untrusted overlays. Only trusted workloads can render credential UIs.
Broken Trust Assumption
Many of the most damaging breaches of the past decade occurred in environments that were fully authenticated, encrypted, and compliant.
Incidents including SolarWinds, NotPetya, Capital One, and MOVEit show a consistent pattern: attackers succeeded by inheriting trust, not by breaking it. Security controls validated access, but not intent.
