The almost impossible to detect phishing attack in detect on Chrome, Firefox and Opera

This is one of those instances where the Microsoft and Apple browser beat out the competition – because this problem is mainly affecting Google Chrome, Mozilla Firefox and Opera browsers.

Hackers have found a way of registering domains using unicode characters, which look like they are other websites… ie, they can not fake a domain you might have a login to, and the faked address can be nearly impossible to spot.

How do you normally spot a faked website?  You put your mouse over the link, or look at the page that loads when the link is clicked – right? (we hope you don’t click too many of these links though).

Well that security check can fail you – as the hackers have found a way of registering domains with domains that *LOOK* like they are legitimate, even though they are not.

Security researcher

The attack is called a ‘homograph attack’ – which has been known since 2001.  The problem is that browser manufacturers have struggled to fix the problem properly.

The problems stems from there being many unicode charactrers which look like latin characters, for example, there are Greek, Cyrillic and Armenian alphabet characters which look exactly like the latin characters used in English.  Those characters can be used to register a domain.  So even though the Cyrillic character

Most browsers use ‘Punycode’ to represent the unicode characters, and because that feature is turned ON by default, you can get tricked by a domain using these special, but different characters.

Zheng reported these problems to the big browser makers back in January – and Google is going to be rolling out a fix in time.  Other vendors we’re unsure about.

There is a fix that you can employ though.  For example – in Firefox – follow these steps to turn the showing of Unicode characters as their latin equivalents – that’s by changing the Punycode setting.

  1. Type about:config in address bar and press enter.
  2. Type Punycode in the configuration search bar.
  3. Browser settings will show parameter titled: network.IDN_show_punycode, double-click or right-click and select Toggle to change the value from false to true.

Here are the steps you take in Firefox in screenshot form:

How to change your punycode setting in Firefox

How to change your punycode setting in Firefox – Step 1

 

Step 2: Type Punycode

Step 2: Type Punycode

 

Change setting from 'Default: false' to 'User-Set: true'

Change setting from ‘Default: false’ to ‘User-Set: true’

One of the ways you can protect yourself no matter which browser you use, is to use a good Password Manager software.  One of the ones with either native, or add-on browser plugins.  That way, when the password manager does not show your password, even if the URL in the address bar looks ‘right’ – that will serve as a clue that this might not be the correct website.

We are hopeful that endpoint protection systems will add unicode domain warnings quickly – so make sure that you are using a solid antimalware / antivirus with a web protection module!


Ready for the right solutions?

It’s time to offload your technology troubles and security stress.

"*" indicates required fields