Page 1 of 2 12 LastLast
  1.    15 Apr 2017 #1
    Join Date : Apr 2015
    Posts : 12,826
    W10Prox64

    Chrome+Firefox Phishing Attack Uses Domains Identical to Known Good


    This variant of a phishing attack uses unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.

    Click image for larger version. 

Name:	image.png 
Views:	102 
Size:	20.4 KB 
ID:	130357

    As you can see both of these domains appear identical in the browser but they are completely different websites. One of them was registered by us, today. Our epic.com domain is actually the domain https://xn--e1awd7f.com/ but it appears in Chrome and Firefox as epic.com.

    How is this possible? The xn-- prefix is what is known as an ‘ASCII compatible encoding’ prefix. It lets the browser know that the domain uses ‘punycode’ encoding to represent Unicode characters. In non-techie speak, this means that if you have a domain name with Chinese or other international characters, you can register a domain name with normal A-Z characters that can allow a browser to represent that domain as international characters in the location bar.
    What we have done above is used ‘e’ ‘p’ ‘i’ and ‘c’ unicode characters that look identical to the real characters but are different unicode characters. In the current version of Chrome, as long as all characters are unicode, it will show the domain in its internationalized form.



    How to fix this in Firefox:

    In your firefox location bar, type ‘about:config’ without quotes.
    Do a search for ‘punycode’ without quotes.
    You should see a parameter titled: network.IDN_show_punycode
    Change the value from false to true.
    Now if you try to visit our demonstration site you should see:





    Currently we are not aware of a manual fix in Chrome for this. Chrome have already released a fix in their ‘Canary’ release, which is their test release. This should be released to the general public within the next few days.

    Until then, if you are unsure if you are on a real site and are about to enter sensitive information, you can copy the URL in the location bar and paste it into Notepad or TextEdit on Mac. It should appear as the https://xn--….. version if it is a fake domain. Otherwise it will appear as the real domain in its unencoded form if it is the real thing.

    Read more here:
    Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
      My ComputerSystem Spec
  2.    15 Apr 2017 #2
    Join Date : Oct 2013
    South Central Texas
    Posts : 151
    Windows 10 Pro x64

    Great info. Thanks for sharing.
      My ComputerSystem Spec
  3.    15 Apr 2017 #3
    Join Date : Sep 2015
    Staffordshire
    Posts : 362
    Windows 10 Pro

    Well spotted, need to use the about:config fix on all Firefox based browsers such as Palemoon, Waterfox etc.
      My ComputersSystem Spec
  4.    15 Apr 2017 #4
    Join Date : Aug 2016
    S/E England
    Posts : 4,506
    10 Home x64 (1709) (10 Pro on 2nd pc)

    I knew there was a good reason I stick with IE - it shows the raw 'punycode’.

    Oh... and so does Edge.
      My ComputersSystem Spec
  5.    15 Apr 2017 #5
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,925
    Windows 10 (Pro and Insider Pro)

    Quote Originally Posted by Bree View Post
    I knew there was a good reason I stick with IE - it shows the raw 'punycode’.

    Oh... and so does Edge.
    Is this confirmed for Edge? Currently with it... This is nasty one

    Thanks for the heads up @simrick .
      My ComputerSystem Spec
  6.    15 Apr 2017 #6
    Join Date : Apr 2015
    Posts : 12,826
    W10Prox64
    Thread Starter

    Quote Originally Posted by AndreTen View Post
    Is this confirmed for Edge? Currently with it... This is nasty one

    Thanks for the heads up @simrick .
    You can check out Edge, or any browser, using their sample site (in the original article). For me, Edge shows the correct site address.

    Click image for larger version. 

Name:	image.png 
Views:	90 
Size:	11.6 KB 
ID:	130378
      My ComputerSystem Spec
  7.    16 Apr 2017 #7
    Join Date : Jul 2015
    Posts : 868
    Windows 10 Home x64

    Thanks for posting. Fix applied to Firefox.
      My ComputerSystem Spec
  8.    16 Apr 2017 #8
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,925
    Windows 10 (Pro and Insider Pro)

    Quote Originally Posted by eLPuSHeR View Post
    Thanks for posting. Fix applied to Firefox.
    Browsing in Edge on Insider preview and Fox fixed. Is Firefox syncing this settings? Anybody knows?
      My ComputerSystem Spec
  9.    16 Apr 2017 #9
    Join Date : Apr 2015
    Posts : 12,826
    W10Prox64
    Thread Starter

    Quote Originally Posted by AndreTen View Post
    Browsing in Edge on Insider preview and Fox fixed. Is Firefox syncing this settings? Anybody knows?
    I have no idea, as I don't sync. Maybe someone else who does can answer that. Would be good to know.
      My ComputerSystem Spec
  10.    16 Apr 2017 #10
    Join Date : Oct 2016
    UK
    Posts : 198
    Windows 10 preview 64-bit

    Thank you simrik.
      My ComputerSystem Spec

 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
Solved Chrome pop up. Is it for real or Phishing
I've just had a pop up apparently from Chrome requesting me to click on links from the following address http(es,colon,slash,slash)support.google.com/chrome/?p=help&ctx=keyboard#topic=3227046 I am always dubious about being invited to click ...
Browsers and Email
FireFox and Chrome...Trouble with Amazon.com!
If I go to Amazon.com and look at my orders or look at any item that has images you can expand both FireFox AND Chrome will freeze. IE is still OK. Not sure when this happened but I do not know if it is related to blocking popups or not. Could it be...
Browsers and Email
Youtube pixelated in chrome, not firefox
Please see these printscreens of the same youtube vid, both on same quality, one on chrome one on firefox. Pixelation is clearly visible in the chrome pic on at the top. In particular look at the neckline of the guy second from the right. What's...
Browsers and Email
Firefox API to Support Chrome, Opera
http://www.majorgeeks.com/news/file/6840_chrome-firefox-opera.jpg Read the full announcement here.
Browsers and Email
IE 12 UI overhaul is a blend of Chrome and Firefox
Read more
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:10.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums