Collaborate Disseminate
Financial services companies have always been primary targets for scammers, with account takeover the ultimate prize. If successful, phishing scams on digital banks reward attackers with sensitive data they can use for financial gain, identity theft o… Continue reading Digital Banks Targeted in Account Takeover Scams
Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are n… Continue reading Half of all Phishing Sites Now Have the Padlock
Two free tickets for every family? It sounds great! It has to be a scam. Continue reading Free Virgin Atlantic tickets? No, it’s a WhatsApp scam
How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using.
For example, how does your browser interpret the following domain? I’ll give you a hint: Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name:
https://www.са.com/
Go ahead and click on the link above or cut-and-paste it into a browser address bar. If you’re using Google Chrome, Apple’s Safari, or some recent version of Microsoft’s Internet Explorer or Edge browsers, you should notice that the address converts to “xn--80a7a.com.” This is called “punycode,” and it allows browsers to render domains with non-Latin alphabets like Cyrillic and Ukrainian.
Below is what it looks like in Edge on Windows 10; Google Chrome renders it much the same way. Notice what’s in the address bar (ignore the “fake site” and “Welcome to…” text, which was added as a courtesy by the person who registered this domain): Continue reading Look-Alike Domains and Visual Confusion
Phishers and other online crooks are taking advantage of Unicode domain names in their pursuit of your passwords and other sensitive information. Here’s a simple way to protect yourself.
Continue reading How to protect your browser from Unicode domain phishing attacks
The most prolific gate to the RIG exploit kit is coming in a different flavor. The Seamless campaign is now using a domain name with foreign characters translated by Punycode.
Categories:
Exploits
Threat analysis
Tags: phishingPunycoderamnitRam… Continue reading Seamless campaign serves RIG EK via Punycode
An IDN homograph attack leveraging Adobe’s brand has been discovered, with the malicious site spreading the Betabot backdoor Continue reading IDN Homograph Attack Spreading Betabot Backdoor
I recently read some articles about phishing with punycode. To prevent it when using firefox, you simply type about:config and turn the parameter network.IDN_show_punycode = true. Now you can easily see if somebody tries to s… Continue reading Way to practically identify punycode in Chrome?
Unicode sleight of hand makes it hard for even savvy users to detect impostor sites. Continue reading Chrome, Firefox, and Opera users beware: This isn’t the apple.com you want
Well, think again. At least if you are using Chrome or Firefox. Don’t believe us? Well, check out Apple new website then, at https://www.apple.com . Notice anything? If you are not using an affected browser you are just seeing a strange URL after opening the webpage, otherwise it’s pretty legit. This is a page to demonstrate a type of Unicode vulnerability in how the browser interprets and show the URL to the user. Notice the valid HTTPS. Of course the domain is not from Apple, it is actually the domain: “https://www.xn--80ak6aa92e.com/“. If you open the page, you can …read more
