Free Republic
Browse · Search		 Bloggers & Personal
Topics · Post Article

Skip to comments.

Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
Wordfence ^ | April 14, 2017 | Mark Maunder

Posted on 04/18/2017 12:13:20 PM PDT by Tolerance Sucks Rocks

This is a Wordfence public service security announcement for all users of Chrome and Firefox web browsers:

There is a phishing attack that is receiving much attention today in the security community.

As a reminder: A phishing attack is when an attacker sends you an email that contains a link to a malicious website. You click on the link because it appears to be trusted. Merely visiting the website may infect your computer or you may be tricked into signing into the malicious site with credentials from a site you trust. The attacker then has access to your username, password and any other sensitive information they can trick you into providing.

This variant of a phishing attack uses unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.

This affects the current version of Chrome browser, which is version 57.0.2987 and the current version of Firefox, which is version 52.0.2. This does not affect Internet Explorer or Safari browsers.

We created our own example to demonstrate how an attacker can register their own domain that looks identical to another company’s domain in the browser. We decided to imitate a healthcare site called ‘epic.com’ by registering our own fake site. You can visit our demo site here in Chrome or Firefox. For comparison you can click here to visit the real epic.com.

Here is what the real epic.com looks like in Chrome:

(Excerpt) Read more at wordfence.com ...

TOPICS: Chit/Chat; Computers/Internet; Conspiracy; Miscellaneous
KEYWORDS: chrome; firefox; palemoon; phishing; windowspinglist
Navigation: use the links below to view more comments.
first previous 1-2021-4041-45 last
To: Tolerance Sucks Rocks
Double-click on “false.” It should become “true.” That’s what I had to do.

Right click on it... that brings up a menu... select "toggle" to change it. You don't have to do anything further to save the new setting.

41 posted on 04/21/2017 10:58:03 AM PDT by Cementjungle
[ Post Reply | Private Reply | To 33 | View Replies]
To: Tolerance Sucks Rocks

Thanks.


42 posted on 04/21/2017 6:37:03 PM PDT by TChad (Propagandists should not be treated like journalists.)
[ Post Reply | Private Reply | To 1 | View Replies]
To: Tolerance Sucks Rocks

Fake News - My FF is 53.0.


43 posted on 04/22/2017 12:52:54 AM PDT by Tainan (Cogito, ergo conservatus sum -- "The Taliban is inside the building")
[ Post Reply | Private Reply | To 1 | View Replies]
To: Tainan

Not fake. I change my punycode variable on both Firefox and Pale Moon.


44 posted on 04/22/2017 11:45:27 AM PDT by Tolerance Sucks Rocks (April 2006 Message from Dan: http://www.dansimmons.com/news/message/2006_04.htm)
[ Post Reply | Private Reply | To 43 | View Replies]
To: Tainan

ChangeD.


45 posted on 04/22/2017 11:45:45 AM PDT by Tolerance Sucks Rocks (April 2006 Message from Dan: http://www.dansimmons.com/news/message/2006_04.htm)
[ Post Reply | Private Reply | To 43 | View Replies]

Navigation: use the links below to view more comments.
first previous 1-2021-4041-45 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search		 Bloggers & Personal
Topics · Post Article
FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson