Page 1 of 2 12 LastLast
  1.    16 Apr 2017 #1
    Join Date : Oct 2014
    Trnava
    Posts : 2,866
    Windows 10.4 Home 1709 x64

    Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites


    This is a Wordfence public service security announcement for all users of Chrome and Firefox web browsers:

    This variant of a phishing attack uses unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.

    This affects the current version of Chrome browser, which is version 57.0.2987 and the current version of Firefox, which is version 52.0.2. This does not affect Internet Explorer or Safari browsers.

    We created our own example to demonstrate how an attacker can register their own domain that looks identical to another company’s domain in the browser. We decided to imitate a healthcare site called ‘epic.com’ by registering our own fake site. You can visit our demo site here in Chrome or Firefox. For comparison you can click here to visit the real epic.com.

    Here is what the real epic.com looks like in Chrome:


    Here is our fake epic.com in Chrome:


    And the real epic.com in Firefox:


    And here is our fake epic.com in Firefox:


    As you can see both of these domains appear identical in the browser but they are completely different websites. One of them was registered by us, today. Our epic.com domain is actually the domain https://xn--e1awd7f.com/ but it appears in Chrome and Firefox as epic.com.

    The real epic.com is a healthcare website. Using our unicode domain, we could clone the real epic.com website, then start emailing people and try to get them to sign into our fake healthcare website which would hand over their login credentials to us. We may then have full access to their healthcare records or other sensitive data.


    Source:
    Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
      My ComputerSystem Spec
  2.    16 Apr 2017 #2
    Join Date : Oct 2014
    Trnava
    Posts : 2,866
    Windows 10.4 Home 1709 x64
    Thread Starter

    You can set Firefox to show the URL in its un-encoded form. As for Chrome, check certificate.
    You should always check certificate before logging to secure webpage, because of other attacks.
    Attached Thumbnails Attached Thumbnails capture_04162017_153937.jpg  
      My ComputerSystem Spec
  3.    16 Apr 2017 #3
    Join Date : Aug 2015
    Posts : 750
    Windows 10 Home

    If I click on https://xn--e1awd7f.com/ I get an your connection is not secure message.
      My ComputerSystem Spec
  4.    16 Apr 2017 #4
    Join Date : Oct 2014
    Trnava
    Posts : 2,866
    Windows 10.4 Home 1709 x64
    Thread Starter
      My ComputerSystem Spec
  5.    16 Apr 2017 #5
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,945
    Windows 10 (Pro and Insider Pro)

    Quote Originally Posted by TairikuOkami View Post
    better twice than none at all
      My ComputerSystem Spec
  6.    17 Apr 2017 #6
    Join Date : May 2015
    Posts : 423
    Redstone_Two

    Firefox x64 Phishing Attack + TorBrowser 7a2


    Unless we do something wrong, In about:config (ffx64), the parameter below is not shown on the list. Instead, we must search for it in the top bar:

    network.IDN_show_punycode

    SET it to <<true>> and the bug disappears.

    As some reported this bug is not present in Edge here too. The bug also affects Tor Browser Beta and the same solution works fine.

    Thanks for heads up!


    Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites


    Last edited by MikeMecanic; 19 Apr 2017 at 20:51.
      My ComputerSystem Spec
  7.    18 Apr 2017 #7
    Join Date : Jun 2015
    UK
    Posts : 2,099
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)

    Quote Originally Posted by prikker View Post
    If I click on https://xn--e1awd7f.com/ I get an your connection is not secure message.
    Kaspersky Total Security rejects that link.
      My ComputersSystem Spec
  8.    18 Apr 2017 #8
    Join Date : Jul 2015
    Posts : 879
    Windows 10 Home

    It seems all of my browsers are on top of this. You'd have to pro-actively click the warnings to go to the site.
    Click image for larger version. 

Name:	Screenshot_1.jpg 
Views:	1 
Size:	49.6 KB 
ID:	130712 Edge

    Click image for larger version. 

Name:	Screenshot_2.jpg 
Views:	1 
Size:	100.4 KB 
ID:	130713 Pale Moon

    Click image for larger version. 

Name:	Screenshot_3.jpg 
Views:	1 
Size:	151.8 KB 
ID:	130714 Chrome
      My ComputerSystem Spec
  9.    18 Apr 2017 #9
    Join Date : Jun 2015
    Posts : 297
    Windows 7 (SP1)

    I get this in firefox

    Click image for larger version. 

Name:	secure.jpg 
Views:	2 
Size:	40.1 KB 
ID:	130733
      My ComputerSystem Spec
  10.    19 Apr 2017 #10
    Join Date : Oct 2014
    Posts : 513
    10x64

    Quote Originally Posted by zooburner View Post
    I get this in firefox

    Click image for larger version. 

Name:	secure.jpg 
Views:	2 
Size:	40.1 KB 
ID:	130733
    Ditto, in Firefox x64 DE.
      My ComputerSystem Spec

 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
Solved Chrome+Firefox Phishing Attack Uses Domains Identical to Known Good
Read more here: Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
AntiVirus, Firewalls and System Security
Solved Chrome pop up. Is it for real or Phishing
I've just had a pop up apparently from Chrome requesting me to click on links from the following address http(es,colon,slash,slash)support.google.com/chrome/?p=help&ctx=keyboard#topic=3227046 I am always dubious about being invited to click ...
Browsers and Email
HTTPS sites loading slow in Firefox on Toshiba laptop
Hi all; I have an odd issue with Firefox & Windows 10, with accessing HTTPS websites. The sites are very very slow to load and others do not complete the load cycle. I've had this issue for months now. Just tried the newly released Firefox...
Software and Apps
Safe sites to download better icons than what came with Win 10 upgrade
Hi All ! I'm a transplant from your "Eight Forum" & I'm almost used to the upgrade to Win 10. What I can't tolerate are the Desktop icons I'm able to find when using the 'Customize' tab. I learned how to use a PC when it was built to be fun,...
Customization
Firefox ban on SHA-1 dropped after many locked out of HTTPS sites
Read more: Firefox ban on SHA-1 dropped after many locked out of HTTPS sites | ZDNet
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 10:01.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums