Image

You could be vulnerable to this hard to detect phishing attack

There’s a new phishing attempt going around that is almost impossible to detect. This clever exploit makes bogus URLs appear as legitimate sites in both Firefox and Chrome, and can even mimic the green lock icon of secure HTTPS sites.

Most users don’t know the difference, and even expert users can be fooled with these look-a-like URLs. The Chinese security researcher who discovered the attack, Xudong Zheng, said that “It becomes impossible to identify the site as fraudulent without carefully inspecting the site’s URL or SSL certificate.”

An example of this is the domain xn--80ak6aa92e.com (Set up by The Hacker News), which would show up in Chrome and Firefox as apple.com using this exploit.

How you can keep yourself from falling victim:

Practice secure browsing habits.

Keep your browsers up to date. When a patch is released, these companies are typically very quick to respond.
Avoid clicking any URL sent via email that require you to login or request sensitive information.
Manually type in the website address of any site where you are giving personal information.

Use a password manager.

If you don’t already use a password manager, such as LastPass, now would be a great time to start. They are great for automatically filling in passwords so you don’t have to remember them. But there’s also an added benefit! Password managers and their extensions for your browser will not automatically fill in your info for these bogus sites.

Fix the problem manually in Firefox

There is a way to fix the issue in Firefox manually until a patch is released.

  1. Type ‘about:config’ in address bar and press enter.
  2. Type ‘Punycode’ in the search bar.
  3. The option titled ‘network.IDN_show_punycode’ will appear. Right-click and choose ‘Toggle’ or double-click to change the value from false to True.

Firefox will now show the bogus URLs as their original string of characters.

Staying aware of current online security news can help you stay safe online. Follow us on Facebook to keep up with the latest updates.

Sources:
https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html
https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/

Share this Post

What's New?

Featured image for “What is a Cloud Based Business System, and do you need one?”

What is a Cloud Based Business System, and do you need one?

Featured image for “Two-Factor Authentication: A Look Back and Forward”

Two-Factor Authentication: A Look Back and Forward

Featured image for “Switching To A Paperless Environment”

Switching To A Paperless Environment

Featured image for “Physical vs Virtual Servers”

Physical vs Virtual Servers

Featured image for “Microsoft Office Upgrade Time”

Microsoft Office Upgrade Time

Topics