Windows 10: Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites

Page 1 of 2 12 LastLast

  1. Posts : 3,210
    10.5 Home 1803 x64
       16 Apr 2017 #1

    Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites


    This is a Wordfence public service security announcement for all users of Chrome and Firefox web browsers:

    This variant of a phishing attack uses unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.

    This affects the current version of Chrome browser, which is version 57.0.2987 and the current version of Firefox, which is version 52.0.2. This does not affect Internet Explorer or Safari browsers.

    We created our own example to demonstrate how an attacker can register their own domain that looks identical to another company’s domain in the browser. We decided to imitate a healthcare site called ‘epic.com’ by registering our own fake site. You can visit our demo site here in Chrome or Firefox. For comparison you can click here to visit the real epic.com.

    Here is what the real epic.com looks like in Chrome:


    Here is our fake epic.com in Chrome:


    And the real epic.com in Firefox:


    And here is our fake epic.com in Firefox:


    As you can see both of these domains appear identical in the browser but they are completely different websites. One of them was registered by us, today. Our epic.com domain is actually the domain https://xn--e1awd7f.com/ but it appears in Chrome and Firefox as epic.com.

    The real epic.com is a healthcare website. Using our unicode domain, we could clone the real epic.com website, then start emailing people and try to get them to sign into our fake healthcare website which would hand over their login credentials to us. We may then have full access to their healthcare records or other sensitive data.


    Source:
    Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
      My ComputerSystem Spec


  2. Posts : 3,210
    10.5 Home 1803 x64
       16 Apr 2017 #1

    You can set Firefox to show the URL in its un-encoded form. As for Chrome, check certificate.
    You should always check certificate before logging to secure webpage, because of other attacks.
    Attached Thumbnails Attached Thumbnails capture_04162017_153937.jpg  
      My ComputerSystem Spec

  3.    16 Apr 2017 #2

    If I click on https://xn--e1awd7f.com/ I get an your connection is not secure message.
      My ComputerSystem Spec

  4.   My ComputerSystem Spec


  5. Posts : 12,530
    Windows 10 (Pro and Insider Pro)
       16 Apr 2017 #4

    better twice than none at all
      My ComputerSystem Spec

  6.    17 Apr 2017 #5

    Firefox x64 Phishing Attack + TorBrowser 7a2


    Unless we do something wrong, In about:config (ffx64), the parameter below is not shown on the list. Instead, we must search for it in the top bar:

    network.IDN_show_punycode

    SET it to <<true>> and the bug disappears.

    As some reported this bug is not present in Edge here too. The bug also affects Tor Browser Beta and the same solution works fine.

    Thanks for heads up!


    Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites


    Last edited by MikeMecanic; 19 Apr 2017 at 20:51.
      My ComputerSystem Spec

  7.    18 Apr 2017 #6

    prikker said: View Post
    If I click on https://xn--e1awd7f.com/ I get an your connection is not secure message.
    Kaspersky Total Security rejects that link.
      My ComputersSystem Spec

  8.    18 Apr 2017 #7

    It seems all of my browsers are on top of this. You'd have to pro-actively click the warnings to go to the site.
    Click image for larger version. 

Name:	Screenshot_1.jpg 
Views:	1 
Size:	49.6 KB 
ID:	130712 Edge

    Click image for larger version. 

Name:	Screenshot_2.jpg 
Views:	1 
Size:	100.4 KB 
ID:	130713 Pale Moon

    Click image for larger version. 

Name:	Screenshot_3.jpg 
Views:	1 
Size:	151.8 KB 
ID:	130714 Chrome
      My ComputerSystem Spec

  •    18 Apr 2017 #8

    I get this in firefox

    Click image for larger version. 

Name:	secure.jpg 
Views:	2 
Size:	40.1 KB 
ID:	130733
      My ComputerSystem Spec

  •    19 Apr 2017 #9

    zooburner said: View Post
    I get this in firefox

    Click image for larger version. 

Name:	secure.jpg 
Views:	2 
Size:	40.1 KB 
ID:	130733
    Ditto, in Firefox x64 DE.
      My ComputerSystem Spec


  •  
    Page 1 of 2 12 LastLast

    Related Threads
    Solved Chrome+Firefox Phishing Attack Uses Domains Identical to Known Good in AntiVirus, Firewalls and System Security
    Read more here: Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
    I've just had a pop up apparently from Chrome requesting me to click on links from the following address http(es,colon,slash,slash)support.google.com/chrome/?p=help&ctx=keyboard#topic=3227046 I am always dubious about being invited to click ...
    Hi all; I have an odd issue with Firefox & Windows 10, with accessing HTTPS websites. The sites are very very slow to load and others do not complete the load cycle. I've had this issue for months now. Just tried the newly released Firefox...
    Hi All ! I'm a transplant from your "Eight Forum" & I'm almost used to the upgrade to Win 10. What I can't tolerate are the Desktop icons I'm able to find when using the 'Customize' tab. I learned how to use a PC when it was built to be fun,...
    Read more: Firefox ban on SHA-1 dropped after many locked out of HTTPS sites | ZDNet
    Our Sites
    Site Links
    About Us
    Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

    © Designer Media Ltd
    All times are GMT -5. The time now is 17:04.
    Find Us