Hard to Detect Impostor Sites on Chrome, Firefox, and Opera


If you use Chrome, Firefox or Opera to view websites, you should know that a weakness was recently spotted in them. It can lead even really computer-savvy people to mistake an impostor site for an authentic one. That may not seem like such a big mistake, until the site asks you to download software, enter a password or provide your credit card data.

But How Does That Happen?

This weakness relates to the way in which the browsers show particular characters in the address bar. For example, up until yesterday, Chrome displayed the address https://www.xn--80ak6aa92e.com/ so that it looked just like the official secure website https://www.apple.com. Thankfully, Chrome already released an update, version 58, which fixed this. However, Firefox and Opera still show the same misleading address, so be careful!

As you can see if you access the website, the first link has nothing to do with the official Apple website. Had a hacker registered the fake domain, they could have used it for malicious purposes, such as putting unwanted software on people’s computers or tricking people into giving up passwords, codes and other important information.

The Solution

The cause of the problem is that this is a homograph attack: a domain is registered using foreign characters that look like ordinary letters, and those characters are converted to an alternative ASCII-only format, the xn-- form shown above. To stay safe, update Chrome to version 58. If you’re a Firefox user, you can protect yourself by entering “about:config” in the address bar and then agreeing with the message. Then, type “punycode” to find the preference network.IDN_show_punycode, and double-click on the word “false” until it changes to “true”.

Safari, Microsoft Edge and Internet Explorer browsers are not affected by this issue.
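
As an added example (not part of the original article), this Python sketch shows a defender-side check for the look-alike address discussed above: it decodes each xn-- label and flags labels whose non-ASCII letters fold to a protected name. The look-alike map, the protected list and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, deliberately small look-alike map (Cyrillic -> Latin).
# A production check would use the full Unicode confusables data.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u04cf": "l",
    "\u0456": "i", "\u0455": "s", "\u0458": "j",
}

# Hypothetical list of names the defender wants to protect.
PROTECTED = {"apple", "google", "paypal"}


def decode_label(label):
    """Return the Unicode form of one DNS label (Punycode if it starts with xn--)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(text):
    """Rough script detection: first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def skeleton(text):
    """Fold known look-alikes to the Latin letter they imitate."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in text.lower())


def inspect_host(host):
    """Report every label that imitates a protected name with non-ASCII letters."""
    findings = []
    for label in host.rstrip(".").split("."):
        shown = decode_label(label)
        if shown.isascii():
            continue  # plain ASCII label: nothing is hidden by the display form
        folded = skeleton(shown)
        if folded in PROTECTED:
            findings.append((label, shown, folded, sorted(scripts(shown))))
    return findings


if __name__ == "__main__":
    for host in ("www.xn--80ak6aa92e.com", "www.apple.com"):
        print(host, "->", inspect_host(host) or "no look-alike labels")
```

For the address in the article, the single finding shows that all five letters are Cyrillic, which is why the label reads as "apple" when a browser displays the Unicode form.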

