Dotlayer

Unicode Character Based Phishing Attacks Register Domains That Look Exactly Identical To Real Domains

April 15, 2017
in Tutorials

There has been substantial growth in both the frequency and sophistication of phishing attacks over the last couple of years, one of the best known being the iCloud hack of celebrities that resulted in the release of a huge dump of nude pictures.

Basically, phishing is a type of social engineering attack often used to steal sensitive data, including login credentials, passwords, credit card numbers and social security numbers.

It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

Once the unsuspecting recipient is tricked into clicking a malicious link, this can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.

The key to a successful attack is the ability to hide the identity of the malicious website by using a combination of tricks that allow the malicious website to look very similar to the valid website.

In this new variant of phishing, initially reported by Wordfence, the WordPress security company, hackers are able to register a domain that looks like the original, drastically increasing the success rate of these attacks.

They do this by using a combination of Unicode characters to register domains that look identical to real domains. Once registered, these domains can be used in phishing attacks to fool users into signing into a fake website and divulging sensitive information.

The security folks at Wordfence created a demo to illustrate the vulnerability. In the demonstration, they were able to register a domain that looks exactly like that of the popular health website Epic.com.

When you visit the website epic.com in your browser, you will notice that it sends you to the original website as pictured in the screenshot below:

The fake/malicious epic.com domain can be viewed here: https://xn--e1awd7f.com/. You can see from the screenshot below that the address bar is identical, and a regular user will not be able to distinguish this from the original website.

This particular vulnerability affects the most recent version of Google’s Chrome browser, which is version 57.0.2987 and the current version of Firefox, which is version 52.0.2. This does not currently affect Internet Explorer or Safari browsers.

As pictured in the screenshots above, they successfully cloned the real epic.com website. Once an attacker is able to do this, they can start emailing people and try to get them to sign into the fake healthcare website, which would hand over their sensitive credentials to the attacker.

There is currently no way to fix this in Chrome. Chrome has already released a fix in its Canary release, which is its test release, and this should reach the general public within the next few days. In Firefox, however, you can apply a fix by typing about:config into the address bar, searching for punycode, and changing the parameter named network.IDN_show_punycode to true.
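What the address bar hides can also be checked mechanically. The following added example (not code from Wordfence or from the original post) decodes each xn-- label of a hostname and flags labels that mix scripts or consist only of Cyrillic letters that render like Latin ones. The LOOKALIKES table and the function names are assumptions made for illustration.

```python
import unicodedata

# Small, constructed table of Cyrillic letters that render like Latin ones.
# Illustrative only; Unicode's confusables data is far larger.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0458": "j", "\u0455": "s",
}

def decode_label(label):
    """Return the Unicode form of one DNS label (Punycode if it starts with xn--)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Scripts used by the letters in text, taken from their Unicode names."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}

def check_host(host):
    """Return (label, unicode_form, finding) for every suspicious label."""
    findings = []
    for label in host.rstrip(".").split("."):
        try:
            text = decode_label(label)
        except UnicodeError:
            findings.append((label, None, "invalid punycode"))
            continue
        used = scripts(text)
        if len(used) > 1:
            # Latin and Cyrillic letters inside one label.
            findings.append((label, text, "mixed scripts: " + ", ".join(sorted(used))))
        elif used and used != {"LATIN"} and all(
                c in LOOKALIKES or c.isascii() for c in text):
            # Single non-Latin script, yet every letter has a Latin twin.
            twin = "".join(LOOKALIKES.get(c, c) for c in text)
            findings.append((label, text, "renders like '%s'" % twin))
    return findings

if __name__ == "__main__":
    # The first host is the demo domain quoted in the article.
    for host in ("xn--e1awd7f.com", "epic.com"):
        print(host, check_host(host))
```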

Further Reading:
Phishing with Unicode Domains
Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
