Chrome, Firefox, Preparing Fixes for Nasty Phishing Trick Using Punycode

Bot

Apr 21, 2016
Chrome and Firefox are adding some extra protections to their systems to protect users from a nasty phishing trick.

Normally, when you click on a link to a site, you expect to be taken to that particular site. Thanks to a researcher, however, it was discovered that it's not always the case due to a vulnerability of most browsers in the way they translate special characters.

For example, a website address that starts with xn-- tells your browser that the domain name is encoded using Punycode, which allows special characters to be displayed. This ability is quite important because a large part of Internet users don't speak English, or it's not their first language, and their mother tongues include such special characters.

This, however, also lets cybercriminals execute what is called a homograph attack. Basically, it tricks the browser into believing a certain domain that includes special characters is actually a different domain, one that people trust. By spoofing the domain, users will believe they are in the right location.

Chrome and Firefox will display a mess of characters as the right URL. Furthermore, the scammer can even apply for an SSL certificate for the Punycode name and, given what has surfaced in recent scandals, will likely even get it. Then, you'll find yourself on a site you think you know, with a "secure" tag near the address bar, indicating that everything is right in the world. What is the next thing you do? You log in. What is the next thing that happens? The cybercriminals steal your credentials.

Chinese security researcher Xudong Zheng came up with a proper example of this situation with the site epic.com. By using the Punycode trick, the fake site looks legit, complete with the SSL certificate to back it up.

Read more: Chrome, Firefox, Preparing Fixes for Nasty Phishing Trick Using Punycode
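
A defender-side check for the behaviour described above, as an added example that is not part of the original post or of any browser's code: it decodes `xn--` labels and flags hostnames whose letters mix scripts or consist entirely of non-Latin lookalikes. The `LOOKALIKES` table, the helper names and the sample hostnames are constructed assumptions; `to_ace` is a simplified encoder without IDNA normalization.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones. Real
# tooling should use the Unicode confusables data (UTS #39) instead.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j",
}

def to_ace(label):
    """Encode a Unicode label to xn-- (Punycode) form; no IDNA normalization."""
    return "xn--" + label.encode("punycode").decode("ascii")

def decode_label(label):
    """Return the Unicode form of one DNS label; xn-- marks Punycode."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}

def inspect_host(host):
    """Return (verdict, unicode_form, latin_skeleton) for a hostname."""
    try:
        labels = [decode_label(part) for part in host.split(".")]
    except UnicodeError:
        return ("invalid-punycode", host, host)
    verdicts = set()
    for label in labels:
        found = scripts(label)
        letters = [c for c in label if c.isalpha()]
        if len(found) > 1:
            verdicts.add("mixed-script")
        elif found - {"LATIN"} and all(c in LOOKALIKES for c in letters):
            verdicts.add("whole-script-lookalike")
    unicode_form = ".".join(labels)
    skeleton = "".join(LOOKALIKES.get(c, c) for c in unicode_form)
    for verdict in ("mixed-script", "whole-script-lookalike"):
        if verdict in verdicts:
            return (verdict, unicode_form, skeleton)
    return ("ok", unicode_form, skeleton)

if __name__ == "__main__":
    # Constructed samples: Cyrillic lookalikes spelling "scope", and a genuine IDN.
    for name in ("\u0455\u0441\u043e\u0440\u0435", "m\u00fcnchen"):
        print(inspect_host(to_ace(name) + ".example"))
```

A genuine non-Latin name passes because at least one of its letters has no Latin twin, which is why the check looks at whole labels rather than rejecting every `xn--` domain.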
 
