Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites

Page 1 of 2 12 LastLast
    Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites

    Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites


    Posted: 16 Apr 2017

    This is a Wordfence public service security announcement for all users of Chrome and Firefox web browsers:

    This variant of a phishing attack uses unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.

    This affects the current version of Chrome browser, which is version 57.0.2987 and the current version of Firefox, which is version 52.0.2. This does not affect Internet Explorer or Safari browsers.

    We created our own example to demonstrate how an attacker can register their own domain that looks identical to another company’s domain in the browser. We decided to imitate a healthcare site called ‘epic.com’ by registering our own fake site. You can visit our demo site here in Chrome or Firefox. For comparison you can click here to visit the real epic.com.

    Here is what the real epic.com looks like in Chrome:


    Here is our fake epic.com in Chrome:


    And the real epic.com in Firefox:


    And here is our fake epic.com in Firefox:


    As you can see both of these domains appear identical in the browser but they are completely different websites. One of them was registered by us, today. Our epic.com domain is actually the domain https://xn--e1awd7f.com/ but it appears in Chrome and Firefox as epic.com.

    The real epic.com is a healthcare website. Using our unicode domain, we could clone the real epic.com website, then start emailing people and try to get them to sign into our fake healthcare website which would hand over their login credentials to us. We may then have full access to their healthcare records or other sensitive data.


    Source:
    Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
    TairikuOkami's Avatar Posted By: TairikuOkami
    16 Apr 2017


  1. Posts : 5,200
    Windows 11 Home
       #1

    You can set Firefox to show the URL in its un-encoded form. As for Chrome, check certificate.
    You should always check certificate before logging to secure webpage, because of other attacks.
    Attached Thumbnails Attached Thumbnails Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites-capture_04162017_153937.jpg  
      My Computer


  2. Posts : 382
    Windows 10 Home
       #2

    If I click on https://xn--e1awd7f.com/ I get an your connection is not secure message.
      My Computer


  3. Posts : 5,200
    Windows 11 Home
    Thread Starter
       #3
      My Computer


  4. Posts : 27,202
    Windows 10 (Pro and Insider Pro)
       #4

    better twice than none at all
      My Computers


  5. Posts : 1,079
    10 + Linux
       #5

    Firefox x64 Phishing Attack + TorBrowser 7a2


    Unless we do something wrong, In about:config (ffx64), the parameter below is not shown on the list. Instead, we must search for it in the top bar:

    network.IDN_show_punycode

    SET it to <<true>> and the bug disappears.

    As some reported this bug is not present in Edge here too. The bug also affects Tor Browser Beta and the same solution works fine.

    Thanks for heads up!


    Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites


    Last edited by MikeMecanic; 19 Apr 2017 at 20:51.
      My Computer


  6. Posts : 7,126
    Windows 10 Pro 64 bit
       #6

    prikker said:
    If I click on https://xn--e1awd7f.com/ I get an your connection is not secure message.
    Kaspersky Total Security rejects that link.
      My Computers


  7. Posts : 1,765
    Windows 10 Home
       #7

    It seems all of my browsers are on top of this. You'd have to pro-actively click the warnings to go to the site.
    Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites-screenshot_1.jpg Edge

    Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites-screenshot_2.jpg Pale Moon

    Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites-screenshot_3.jpg Chrome
      My Computer


  8. Posts : 353
    Windows 10 Pro
       #8

    I get this in firefox

    Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites-secure.jpg
      My Computer


  9. Posts : 807
    Win10x64 v2004 latest build fast ring
       #9

    zooburner said:
    I get this in firefox

    Chrome and Firefox Phishing Attack Uses Name Identical to Safe Sites-secure.jpg
    Ditto, in Firefox x64 DE.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 08:14.
Find Us




Windows 10 Forums