Chrome, Firefox, and Opera Vulnerable to Undetectable Phishing Attack

froggyboy604

Browsers such as Chrome, Firefox, and Opera are vulnerable to a new variation of an older attack that allows phishers to register and pass fake domains as the websites of legitimate services, such as Apple, Google, eBay, and others.

Discovered by Chinese security researcher Xudong Zheng, this is a variation of a homograph attack, first identified by Israeli researchers Evgeniy Gabrilovich and Alex Gontmakher, and known since 2001.

For example, if an attacker registered xn--pple-43d.com, this would be the equivalent of apple.com, but spelled with a Cyrillic “а” at the beginning.


I think a way of preventing some of these phishing attacks is to use your bookmark to a website, use Google to search for the website, or manually type in the address of a website in the address bar, and press enter.

I think domain registrars like GoDaddy should block people from registering fake domains since having a lot of criminals registering fake domains could damage the reputation of domain registrars, and make internet users less safe.
 
Slightly confused to be honest. So does the URL appear as apple.com in the address bar of our browsers? Or does it appear as something similar to apple.com?
 
Slightly confused to be honest. So does the URL appear as apple.com in the address bar of our browsers? Or does it appear as something similar to apple.com?

I think they appear differently in other web browsers. But, they may look the same if the web browser is based on Firefox, Chrome, and Opera. They may be using a non-English alphabetical symbol which looks alike to trick people into thinking they are visiting the official site.

Manually typing in the domain like apple, and the domain's .com extension with your keyboard letter keys should prevent people from going to the fake apple.com site.
 
How would you block or even determine what is a fake domain name?
 
How would you block or even determine what is a fake domain name?

I think there are antivirus, antimalware, other security software and web browser extensions/toolbars like the AVG or Avast antivirus web browser add-on which block dangerous sites which may be fake.

A lot of web browsers like Firefox, Chrome, and IE have a built-in website blocker which automatically blocks sites which may contain viruses, and phishing scams.
 
I never cease to be amazed at the shrewdness of humans to screw over other humans.
 
I think there are antivirus, antimalware, other security software and web browser extensions/toolbars like the AVG or Avast antivirus web browser add-on which block dangerous sites which may be fake.

A lot of web browsers like Firefox, Chrome, and IE have a built-in website blocker which automatically blocks sites which may contain viruses, and phishing scams.

So it has to be reported before it can be determined fake?
 
So it has to be reported before it can be determined fake?

I think phishing usually takes place when you click on links in e-mail, websites, and instant messaging, so if you manually type in the address from the address bar, or are very careful not to click on links which look suspicious, like those small links, you would be safer.

According to articles I read, this scam mostly works when you click on a link which uses weird Unicode characters, and the Unicode characters can disguise the address bar address to be the official sites.
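On the question raised in the thread of how a look-alike domain can be told apart, here is an added example that is not part of the original posts: it decodes each `xn--` label back to Unicode, reports which scripts the label mixes, and checks whether it imitates a protected name. The `CONFUSABLES` table (a small constructed subset), the function names and the protected-name set are assumptions made for illustration.

```python
import unicodedata

# Small constructed subset of Cyrillic letters that render like Latin ones.
# A production check would use the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0455": "s", "\u0458": "j", "\u0501": "d", "\u04bb": "h",
}

def decode_label(label):
    """Return the Unicode form of one DNS label (Punycode if it starts with xn--)."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Rough script detection: first word of each letter's Unicode name."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}

def skeleton(text):
    """Map known look-alike characters to their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def check_domain(domain, protected):
    """Return (label, unicode_form, scripts, imitated_name) for each non-ASCII label."""
    findings = []
    for label in domain.split("."):
        shown = decode_label(label)
        if shown.isascii():
            continue  # plain ASCII label: nothing to disguise
        skel = skeleton(shown)
        imitated = skel if skel in protected else None
        findings.append((label, shown, sorted(scripts(shown)), imitated))
    return findings

if __name__ == "__main__":
    # Hypothetical protected-name list; the second domain is the one quoted above.
    for d in ("apple.com", "xn--pple-43d.com"):
        print(d, check_domain(d, {"apple", "google", "ebay"}))
```

A label that mixes scripts or whose skeleton matches a protected name is a candidate for review, not proof of phishing, since many legitimate internationalized domains are non-ASCII.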
 