Chrome, Firefox, and Opera Vulnerable to Undetectable Phishing Attack


Discussion in 'Internet Chatter' started by froggyboy604, Apr 19, 2017.

  1. froggyboy604

    froggyboy604 Moderator Staff Member Moderator

    Browsers such as Chrome, Firefox, and Opera are vulnerable to a new variation of an older attack that allows phishers to register and pass fake domains as the websites of legitimate services, such as Apple, Google, eBay, and others.

    Discovered by Chinese security researcher Xudong Zheng, this is a variation of a homograph attack, first identified by Israeli researchers Evgeniy Gabrilovich and Alex Gontmakher, and known since 2001.

    For example, if an attacker registered xn--pple-43d.com, this would be the equivalent of apple.com, but spelled with a Cyrillic “а” at the beginning.


    I think a way of preventing some of these phishing attacks is to use your bookmark to a website, use Google to search for the website, or manually type in the address of a website in the address bar, and press enter.

    I think domain registrars like GoDaddy should block people from registering fake domains since having a lot of criminals registering fake domains could damage the reputation of domain registrars, and make internet users less safe.
     
  2. kingcool52

    kingcool52 Avid GTA & FIFA Gamer Full GL Member

    Slightly confused to be honest. So does the URL appear as apple.com in the address bar of our browsers? Or does it appear as something similar to apple.com?
     
  3. Grungie

    Grungie New Member

    Should be similar, or it'll be something like Apple.net instead of .com. These like to take advantage of typos or have a hyperlink disguised as the actual link in an email or website. www.youtube.com
     
  4. froggyboy604

    froggyboy604 Moderator Staff Member Moderator

    I think they appear differently in other web browsers. But they may look the same if the web browser is based on Firefox, Chrome, and Opera. They may be using a non-English alphabetical symbol which looks alike to trick people into thinking they are visiting the official site.

    Manually typing in the domain like apple, and the domain's .com extension, with your keyboard letter keys should prevent people from going to the fake apple.com site.
     
  5. Demon_Skeith

    Demon_Skeith Administrator Staff Member Administrator

    How would you block or even determine what is a fake domain name?
     
  6. froggyboy604

    froggyboy604 Moderator Staff Member Moderator

    I think there are antivirus, antimalware, other security software and web browser extensions/toolbars like the AVG or Avast antivirus web browser add-on which block dangerous sites which may be fake.

    A lot of web browsers like Firefox, Chrome, and IE have a built-in website blocker which automatically blocks sites which may contain viruses and phishing scams.
     
    Last edited: Apr 21, 2017
  7. erich

    erich Active Member Full GL Member

    I never cease to be amazed at the shrewdness of humans to screw over other humans.
     
  8. Demon_Skeith

    Demon_Skeith Administrator Staff Member Administrator

    So it has to be reported before it can be determined fake?
     
  9. froggyboy604

    froggyboy604 Moderator Staff Member Moderator

    I think phishing usually takes place when you click on links in e-mail, websites, and instant messaging, so if you manually type in the address in the address bar, or are very careful not to click on links which look suspicious, like those small links, you would be safer.

    According to articles I read, this scam mostly works when you click on a link which uses weird Unicode characters, and the Unicode characters can disguise the address bar address to be the official sites.
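
On the question raised in the thread of how a lookalike domain could be told apart from the real one, here is one defensive check, as an added example that is not part of any post: it decodes `xn--` (Punycode) labels and flags labels that mix scripts or that collapse to a protected brand name. The lookalike table and the `protected` list are constructed assumptions for illustration, not a complete confusables database.

```python
import unicodedata

# Constructed, partial table of Cyrillic letters that render like Latin ones
# (assumption for this example; Unicode publishes a full confusables list).
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l", "\u0501": "d",
}

def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels are Punycode)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Scripts used by the letters of a label, taken from Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(label):
    """Replace known lookalikes with the Latin letters they imitate."""
    return "".join(CYRILLIC_LOOKALIKES.get(ch, ch) for ch in label)

def check_host(host, protected=("apple", "google", "ebay")):
    """Return (label, finding) pairs for suspicious labels in a hostname."""
    findings = []
    for raw in host.split("."):
        try:
            label = decode_label(raw)
        except UnicodeError:
            findings.append((raw, "invalid punycode"))
            continue
        if label.isascii():
            continue  # plain ASCII label, nothing to disguise
        used = scripts(label)
        if len(used) > 1:
            findings.append((label, "mixed scripts: " + "+".join(sorted(used))))
        if skeleton(label) in protected:
            findings.append((label, "imitates " + skeleton(label)))
    return findings

if __name__ == "__main__":
    for host in ("apple.com", "xn--pple-43d.com"):
        print(host, check_host(host))
```

A label written entirely in Cyrillic passes the mixed-script test, which is why the skeleton comparison against protected names is checked separately.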
     
