Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
Wordfence ^ | April 14, 2017 | Mark Maunder

Posted on 04/18/2017 12:13:20 PM PDT by Tolerance Sucks Rocks

This is a Wordfence public service security announcement for all users of Chrome and Firefox web browsers:

There is a phishing attack that is receiving much attention today in the security community.

As a reminder: A phishing attack is when an attacker sends you an email that contains a link to a malicious website. You click on the link because it appears to be trusted. Merely visiting the website may infect your computer or you may be tricked into signing into the malicious site with credentials from a site you trust. The attacker then has access to your username, password and any other sensitive information they can trick you into providing.

This variant of a phishing attack uses Unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.

This affects the current version of Chrome browser, which is version 57.0.2987 and the current version of Firefox, which is version 52.0.2. This does not affect Internet Explorer or Safari browsers.

We created our own example to demonstrate how an attacker can register their own domain that looks identical to another company’s domain in the browser. We decided to imitate a healthcare site called ‘epic.com’ by registering our own fake site. You can visit our demo site here in Chrome or Firefox. For comparison you can click here to visit the real epic.com.

Here is what the real epic.com looks like in Chrome:

(Excerpt) Read more at wordfence.com ...


TOPICS: Chit/Chat; Computers/Internet; Conspiracy; Miscellaneous
KEYWORDS: chrome; firefox; palemoon; phishing; windowspinglist
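
Added example (not part of the Wordfence article or of this thread): a Python check that decodes the `xn--` hostname a commenter below reports seeing in the address bar and shows that the label is entirely Cyrillic yet reads as `epic`. The lookalike table is a small constructed sample, and taking a letter's script from its Unicode name is a heuristic assumed here.

```python
import unicodedata

# Constructed, deliberately small table of Cyrillic letters that render like
# Latin ones; a production check would use the Unicode confusables data (UTS #39).
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
}


def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels are punycode)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(text):
    """Heuristic: take a letter's script from the first word of its Unicode name."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in text if ch.isalpha()})


def inspect_host(host):
    """Report every non-ASCII label and the ASCII name it could pass for."""
    findings = []
    for label in host.rstrip(".").split("."):
        try:
            shown = decode_label(label)
        except UnicodeError:
            findings.append({"label": label, "error": "malformed punycode"})
            continue
        if shown.isascii():
            continue
        skeleton = "".join(CYRILLIC_LOOKALIKES.get(ch, ch) for ch in shown)
        findings.append({
            "label": label,
            "unicode": shown,
            "scripts": scripts(shown),
            "ascii_lookalike": skeleton if skeleton.isascii() else None,
        })
    return findings


if __name__ == "__main__":
    for host in ("www.xn--e1awd7f.com", "www.epic.com"):
        print(host, inspect_host(host))
```

A label whose `scripts` list is a single non-Latin script and whose `ascii_lookalike` is a real brand name is the case the article describes; a legitimate internationalized name such as `xn--mnchen-3ya` yields no ASCII lookalike.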
To: rightazrain

At the top of your screen is the open space where you type in the internet address you want to go to. That is the location bar. Right now mine says: www.freerepublic.com/perl/post?id.....
You just put your cursor in that box & type the config command and press enter. You will get a warning that any changes you make will affect Firefox etc.

Accept that, search for the puny term as specified in the article. Click on the line containing the term, in the column that says false, and false will change to true.

Exit by closing the window & check the article to see if the fix worked. There is a link to their false website in a later paragraph in the article and it will show the strange characters instead of the original website name if you were successful.


21 posted on 04/18/2017 1:44:33 PM PDT by JayGalt

To: newfreep
"I have a Samsung “S7 Edge” running Android v7 (Nutmeg)."

You're pulling our legs, aren't you? Or did you write this version, yourself?

22 posted on 04/18/2017 1:48:59 PM PDT by DJ Frisat (Hey, what happened to my clever tag line?!)

To: Tolerance Sucks Rocks

Hmm...the update was issued today, version 52.0.2 for FF. I followed the instructions per the article above and did not see any such thing about parameters.


23 posted on 04/18/2017 1:49:23 PM PDT by hsmomx3

To: DJ Frisat

“Nutmeg” should be “Nougat”

Clearly, too much cocaine today but at least the “N” was correct


24 posted on 04/18/2017 1:56:29 PM PDT by newfreep ("If Lyin' Ted was an American citizen, he would be a traitor.")

To: hsmomx3
"I followed the instructions per the article above and did not see any such thing about parameters."

What "such thing" did you not see? I just downloaded Firefox 52.0.2 and the parameter network.IDN_show_punycode is there.

25 posted on 04/18/2017 2:05:26 PM PDT by ken in texas

To: Tolerance Sucks Rocks

bookmark


26 posted on 04/18/2017 2:12:05 PM PDT by Dacula (President and CEO at Being Awesome)

To: newfreep

LOL — cocaine starts with C, not N...

At any rate, I’m sticking with NarshNallow on my phone!

(was just joshing you, hope you know...)


27 posted on 04/18/2017 2:32:22 PM PDT by DJ Frisat (Hey, what happened to my clever tag line?!)

To: rightazrain

Just type it where you would normally type a URL.


28 posted on 04/18/2017 7:08:53 PM PDT by Tolerance Sucks Rocks (April 2006 Message from Dan: http://www.dansimmons.com/news/message/2006_04.htm)

To: Tolerance Sucks Rocks

bkmk


29 posted on 04/18/2017 11:17:39 PM PDT by glock rocks (... so much win!)

To: Tolerance Sucks Rocks; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; amigatec; AppyPappy; ...
Phishing Attack warning ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to Tolerance Sucks Rocks for the ping!!

30 posted on 04/20/2017 9:50:16 PM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: Tolerance Sucks Rocks
This is what shows in the address bar:

https://www.xn--e1awd7f.com/

31 posted on 04/20/2017 9:59:39 PM PDT by granite (The heart of the wise inclines to the right, but the heart of the fool to the left - Ecc 10:2)

To: Tolerance Sucks Rocks

Well, I found it listed but there’s no way to change it from false to true.


32 posted on 04/20/2017 10:05:10 PM PDT by caww

To: caww

Double-click on “false.” It should become “true.” That’s what I had to do.


33 posted on 04/21/2017 9:21:25 AM PDT by Tolerance Sucks Rocks (April 2006 Message from Dan: http://www.dansimmons.com/news/message/2006_04.htm)

To: granite

That means you have apparently succeeded.


34 posted on 04/21/2017 9:21:59 AM PDT by Tolerance Sucks Rocks (April 2006 Message from Dan: http://www.dansimmons.com/news/message/2006_04.htm)

To: LUV W; All

FYI

And all Chrome and Firefox users


35 posted on 04/21/2017 10:19:31 AM PDT by MEG33 (SUPPORT FREE REPUBLC***DONATE MONTHLY)

To: Tolerance Sucks Rocks

Ok..will try that..thanks.


36 posted on 04/21/2017 10:19:38 AM PDT by caww

To: Tolerance Sucks Rocks

Ok...got it! Thanks again so much!


37 posted on 04/21/2017 10:24:14 AM PDT by caww

To: MEG33

Thanks! Hope none of us gets phished!


38 posted on 04/21/2017 10:36:45 AM PDT by luvie (Be still and know that I Am GOD.....Psalm 46:10)

To: LUV W

Amen!


39 posted on 04/21/2017 10:41:23 AM PDT by MEG33 (SUPPORT FREE REPUBLC***DONATE MONTHLY)

To: Tolerance Sucks Rocks

Thanks for posting this. That’s a very clever phishing trick... I’ve fixed my browsers and more importantly, my wife’s browsers.


40 posted on 04/21/2017 10:53:50 AM PDT by Cementjungle

