Hackers phish for your credentials while using Unicode websites as bait

Is it possible to receive a rogue message from a seemingly legitimate source? Sadly, yes. Even if you are already accustomed to phishing scams delivered by email, you should know about a newer strategy that hackers exploit. Unicode websites are considered risky because crooks can construct URLs that look identical to the ones belonging to legitimate companies. We constantly advise users to pay attention to the indicated source of pop-ups and other content. But what can be done if the message looks legitimate and even the URL it came from looks right?

Security researcher Xudong Zheng posted an article on his blog describing the issue he uncovered. He insisted that homograph attacks were currently taking place and could be presented to users of Google Chrome, Mozilla Firefox and Opera. This type of attack occurs when hackers combine characters from different writing systems to create a domain address that looks identical to the one belonging to a reputable organization. Characters that look alike but have different character codes are the tools crooks use to build websites for scams.

The ongoing scam poses as Apple.com. However, to create this website, hackers used characters from the Cyrillic alphabet. Although the URL looks identical to the official Apple.com, it is made of different character codes and takes people to a different location than they expect. It is impossible to recognize this attack without some analysis, which is not something most people are eager to do. According to Xudong Zheng, the only way to tell an unreliable domain from a legitimate one is to carefully inspect the link and the digital certificates.

What are hackers trying to achieve with this scam? Crooks are usually after money and sensitive information about users, and this case is no different: the main goal of homograph attacks is to steal users’ credentials. Google is currently working hard on a fix. Mozilla, however, does not appear to be as determined to address these attacks and continues to examine the problem before deciding which strategy to adopt. If you are using Mozilla Firefox, you can protect yourself from the rogue Apple.com and other similar variants by changing the settings.

Follow this sequence of actions: open about:config, find network.IDN_show_punycode and set it to ‘true’. Additionally, password managers that automatically connect you to websites can also help. They are set to connect only to legitimate websites, and different writing systems do not cause any confusion for these programs.
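The check described above, a lookalike address unmasked by its Punycode form, can be sketched as follows. This is an added example, not code from the original article or from Xudong Zheng's post; the lookalike table, the allow-list and all function names are assumptions made for illustration.

```python
import unicodedata

# Hand-picked subset of Cyrillic letters that render like Latin ones
# (assumption for this example; Unicode publishes a full confusables list).
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u04cf": "l",
    "\u0456": "i", "\u0455": "s", "\u0458": "j",
}

def to_punycode(host):
    """Return the ASCII (xn--) form of a host name, label by label."""
    labels = []
    for label in host.lower().split("."):
        if label.isascii():
            labels.append(label)
        else:
            # Raw Punycode of the label; browsers also normalise first (omitted).
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)

def skeleton(host):
    """Replace known lookalike letters with the Latin letter they imitate."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in host.lower())

def scripts_used(host):
    """Rough script names of the non-ASCII characters, from Unicode names."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in host if not ch.isascii()})

def check_host(host, trusted):
    """Flag a host that is not a trusted name but reads like one."""
    host = host.lower()
    skel = skeleton(host)
    return {
        "ascii_form": to_punycode(host),
        "scripts": scripts_used(host),
        "imitates": skel if host not in trusted and skel in trusted else None,
    }

if __name__ == "__main__":
    trusted = {"apple.com"}                      # constructed allow-list
    fake = "\u0430\u0440\u0440\u04cf\u0435.com"  # constructed: Cyrillic letters only
    for name in (fake, "apple.com"):
        print(repr(name), check_host(name, trusted))
```

The `ascii_form` value corresponds to what the address bar shows once network.IDN_show_punycode is set to ‘true’, which is why the lookalike stops resembling the real name.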

Source: xudongz.com.


About the author

 - Main Editor

I started 2-viruses.com in 2007 after wanting to be more or less independent from a single security program maker. Since then, we have kept working on this site to make the internet a better and safer place to use.

