This Phishing Attack Is Impossible To Detect! It Can Even Fool You
Let’s first talk about Punycode. It is a way to represent Unicode within a limited character subset of ASCII used for internet host names. This method helps register domain names with foreign characters.
For example, the domain name “xn--s7y.co” is the same as “短.co”. Recently, a security researcher demonstrated a scary phishing attack that is almost impossible to detect.
The concept behind this attack is old. However, it has just surfaced in the latest versions of browsers such as Google Chrome, Mozilla Firefox and Opera. Instead of showing that a domain contains Unicode characters, these browsers display what look like normal characters.
Displaying normal-looking characters instead of the Unicode form makes it impossible to spot the notorious domains. According to Chinese security researcher Xudong Zheng, it’s possible to register domains like “xn--pple-43d.com”, which is equivalent to “apple.com”.
In the above image, you will see “apple.com”. Here, apple.com uses the Cyrillic ‘a’ (U+0430) instead of the ASCII ‘a’ (U+0041). This type of phishing attack is also known as a homograph attack.
This attack seems impossible to detect! Most browsers have some protection mechanism enabled, but they don’t detect each and every version of such attacks.
The bug was reported on January 20, 2017. The fix has already landed in the Chrome Canary browser. It will be rolled out in Chrome 58, which is expected to arrive next week. Firefox users can go to about:config and set network.IDN_show_punycode to true.
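A defender-side check for the lookalike domain described above, as an added example that is not from the original article or from Xudong Zheng's post: it decodes Punycode labels with Python's standard library and reports which scripts each label mixes. The function names are made up for this illustration, and guessing a script from the Unicode character name is a simplifying assumption; a label written entirely in one non-Latin script is reported but not marked as mixed.

```python
import unicodedata

def decode_label(label: str) -> str:
    """Decode one DNS label; 'xn--' marks a Punycode-encoded Unicode label."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts_in(text: str) -> list:
    """Approximate each letter's script by the first word of its Unicode name
    (e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'). Assumption of this example."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in text if ch.isalpha()})

def inspect_host(host: str) -> list:
    """Return one finding per label that is non-ASCII once decoded."""
    findings = []
    for label in host.rstrip(".").split("."):
        shown = decode_label(label)
        if shown.isascii():
            continue
        found = scripts_in(shown)
        findings.append({
            "label": label,
            "displayed_as": shown,
            "code_points": [f"U+{ord(c):04X}" for c in shown if not c.isascii()],
            "scripts": found,
            "mixed_script": len(found) > 1,  # Latin plus a lookalike script
        })
    return findings

if __name__ == "__main__":
    # Hostnames taken from the article, plus a plain ASCII one for comparison.
    for host in ("xn--pple-43d.com", "xn--s7y.co", "apple.com"):
        print(host, inspect_host(host))
```

A mixed-script label such as the one in “xn--pple-43d.com” is the case worth alerting on in mail filters or proxy logs; the single-script “xn--s7y.co” is an ordinary internationalized name.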
If you want to know more about this attack, you can read Xudong Zheng’s blog post.