#1
This is a Wordfence public service security announcement for all users of Chrome and Firefox web browsers:
This variant of a phishing attack uses Unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.
This affects the current version of Chrome browser, which is version 57.0.2987 and the current version of Firefox, which is version 52.0.2. This does not affect Internet Explorer or Safari browsers.
We created our own example to demonstrate how an attacker can register their own domain that looks identical to another company’s domain in the browser. We decided to imitate a healthcare site called ‘epic.com’ by registering our own fake site. You can visit our demo site here in Chrome or Firefox. For comparison you can click here to visit the real epic.com.
Here is what the real epic.com looks like in Chrome:
Here is our fake epic.com in Chrome:
And the real epic.com in Firefox:
And here is our fake epic.com in Firefox:
As you can see, both of these domains appear identical in the browser, but they are completely different websites. One of them was registered by us, today. Our epic.com domain is actually the domain https://xn--e1awd7f.com/ but it appears in Chrome and Firefox as epic.com.
The real epic.com is a healthcare website. Using our Unicode domain, we could clone the real epic.com website, then start emailing people and try to get them to sign into our fake healthcare website, which would hand over their login credentials to us. We may then have full access to their healthcare records or other sensitive data.
Source: Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
You can set Firefox to show the URL in its un-encoded form. As for Chrome, check the certificate.
You should always check the certificate before logging in to a secure webpage, because of other attacks.
If I click on https://xn--e1awd7f.com/ I get a "Your connection is not secure" message.
It was posted here as well.
Chrome+Firefox Phishing Attack Uses Domains Identical to Known Good - Solved - Windows 10 Forums
Unless we do something wrong, in about:config (ffx64) the parameter below is not shown in the list. Instead, we must search for it in the top bar:
network.IDN_show_punycode
Set it to true and the bug disappears.
As some have reported, this bug is not present in Edge here either. The bug also affects Tor Browser Beta, and the same solution works fine.
Thanks for the heads up!
Last edited by MikeMecanic; 19 Apr 2017 at 20:51.
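For anyone who wants to see what is actually behind https://xn--e1awd7f.com/ and why the network.IDN_show_punycode switch works, here is an added Python example (my own illustration, not code from Wordfence, Mozilla or Google). It punycode-decodes the xn-- labels with the standard library, then applies a simplified version of the rule browsers later adopted: a label is shown in Unicode only if it is not mixed-script and is not made entirely of Cyrillic letters that double as Latin lookalikes. The lookalike set and the two "legit" sample hostnames are assumptions I constructed for the demo; a real browser uses a much longer confusable table.

```python
"""Decode punycode (xn--) hostnames and decide whether an address bar should
render them as Unicode or keep the ASCII form so a homograph stays visible."""
import unicodedata

ACE_PREFIX = "xn--"

# Assumed, illustrative subset of Cyrillic letters whose lowercase glyphs are
# near-identical to Latin a e o p c y x i j s in common fonts. Real browsers
# ship a far larger confusable table; this is enough for the demo.
CYRILLIC_LATIN_LOOKALIKES = set(
    "\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u0456\u0458\u0455"
)


def decode_label(label: str) -> str:
    """Return one DNS label in Unicode form (xn-- labels are punycode-decoded)."""
    if label.lower().startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label


def decode_host(host: str) -> str:
    """Decode every label of a hostname, e.g. 'xn--e1awd7f.com' -> 'еріс.com'."""
    return ".".join(decode_label(label) for label in host.split("."))


def ace_form(host: str) -> str:
    """Opposite direction: the ASCII-compatible (xn--) form of a Unicode hostname."""
    return host.encode("idna").decode("ascii")


def script_of(ch: str) -> str:
    """Crude script detection from the Unicode character name's first word."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def label_is_spoofy(label: str) -> bool:
    """True when a browser should refuse to render this label as Unicode."""
    letters = [c for c in label if c.isalpha()]
    scripts = {script_of(c) for c in letters}
    if not letters or scripts == {"LATIN"}:
        return False          # plain Latin: nothing to spoof
    if len(scripts) > 1:
        return True           # mixed script, e.g. Latin 'p' next to Cyrillic 'а'
    if scripts == {"CYRILLIC"} and all(c in CYRILLIC_LATIN_LOOKALIKES for c in letters):
        return True           # whole-script confusable: every letter has a Latin twin
    return False


def display_form(host: str) -> str:
    """What the address bar should show: Unicode when safe, punycode otherwise.
    Accepts either the xn-- form or the Unicode form as input."""
    unicode_labels = [decode_label(label) for label in host.split(".")]
    if any(label_is_spoofy(label) for label in unicode_labels):
        return ace_form(".".join(unicode_labels))   # keep the spoof visible
    return ".".join(unicode_labels)


if __name__ == "__main__":
    # Constructed sample hosts: the Wordfence demo, its real counterpart,
    # a mixed-script lookalike and a legitimate all-Cyrillic domain.
    for host in ("xn--e1awd7f.com", "epic.com", "p\u0430ypal.com", "москва.рф"):
        print(f"{host:20} decodes to {decode_host(host):14} shown as {display_form(host)}")
```

Running it shows that xn--e1awd7f.com decodes to four Cyrillic letters (е, р, і, с) and is kept in its xn-- form, which is exactly what the Firefox pref does for every IDN, while genuine Cyrillic names like москва.рф still render normally.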