Reddit.co pretended to be Reddit.com and stole users’ credentials

Regular Reddit users know how easy it is to lose track of time while browsing the endless resources of this website. The service definitely provides a great deal of entertainment and distraction. Probably because of that, mischievous people decided to test the fans of Reddit.

A fake version of Reddit tried to steal users’ credentials

Reddit.co, which is not in any way related to Reddit.com, was first reported in the summer of 2010. Against all odds, the fake version stayed alive and well for years. Over time, it showed a variety of different material, from pornographic content to random online games.

Fake Reddit.co website

In 2018, owners of Reddit.co decided to experiment and create an identical version of Reddit.com and see whether people would fall for this trick. If you are in a hurry to type in a website address, you might accidentally miss the letter “m” and enter Reddit.co instead of legitimate Reddit.com.

A security engineer named Alec Muffett was the one to notice the deceptive change in Reddit.co. Instead of displaying random content, it was transformed into a clone of Reddit.com. This was done with the intention of stealing Reddit accounts’ credentials and other information that might have been revealed.

The concerned engineer reported this fake domain to Google’s Safe Browsing, but the reaction was slower than expected. It took more than a day for Google to start blocking the rogue version. Now, if you attempt to visit Reddit.co, you will be stopped by a “Deceptive Website Warning” message.

Currently, it is unknown how many people actually visited Reddit.co and logged in to this fake website. However, even if users revealed their credentials to hackers, this does not mean that their information is compromised. Reddit offers a two-factor authentication feature, meaning that in order to access the legitimate Reddit service, hackers would also have to be able to execute the last step of logging in.

Check the addresses of the visited websites: do not reveal information to rogue versions

Nevertheless, if an accidental typo brought you to Reddit.co, we recommend setting new passwords. To us, it is surprising that this rogue version was even approved. On the other hand, deceptive addresses appear constantly, so there is very little to be surprised about.

Lastly, please check the address bar when you visit random domains or access your accounts. You could accidentally arrive at a rogue version of a legitimate service. This check is also important when it comes to pop-ups that claim to be associated with Microsoft or Google. Remember that domains such as Chrome-survey-prizes.com or Microsoft-tech-support-help.com are definitely not legitimate and have no association with the credible companies.
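The address check described above can also be automated on the defensive side, for example in a mail or proxy filter. The following is an added example, not part of the original article: the `TRUSTED` and `BRANDS` lists, the function names and the result labels are assumptions, and the sketch also flags brand names in subdomains, which goes slightly beyond the cases the article mentions.

```python
from urllib.parse import urlsplit

# Assumed allowlist of registrable domains the organisation really uses.
TRUSTED = {"reddit.com", "google.com", "microsoft.com"}
# Assumed brand keywords, based on the names mentioned in the article.
BRANDS = {"reddit", "chrome", "google", "microsoft"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of the host. Simplification: a production check
    would use the Public Suffix List to handle suffixes such as co.uk."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike:<domain>', 'brand-abuse:<brand>' or 'unknown'."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    # One edit away from a trusted domain, e.g. a dropped "m" in ".com".
    for good in sorted(TRUSTED):
        if edit_distance(domain, good) <= 1:
            return f"lookalike:{good}"
    # Brand name used as a label or hyphen-separated word on a foreign domain.
    hit = set(host.replace(".", "-").split("-")) & BRANDS
    if hit:
        return f"brand-abuse:{sorted(hit)[0]}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inputs built from the domains named in the article.
    for sample in ("https://www.reddit.com/login", "reddit.co",
                   "Chrome-survey-prizes.com", "Microsoft-tech-support-help.com"):
        print(f"{sample:35} -> {classify(sample)}")
```

The one-edit threshold is deliberately strict to limit false positives, so it does not catch swapped letters or longer misspellings.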

Source: securitybrief.eu.
