Phishing via mails have become even more sophisticated now. We have seen how hackers have smartly tweaked email IDs, fooling users into opening mails that were always going to get them into trouble.
Phishing happens when hackers use fake IDs on a company’s name and try to induce personal information from users.
But that isn’t the only thing you need to be worried about from here on in. Hackers, as smart as they are, have devised ways to phish for your data, without changing the name of the email domain. Yes, that’s right, and without a shadow of doubt, you ought to be scared.
It’s All in the Letter
Fraudsters in phishing have found a way to penetrate into your system, with your permission, without giving you even a hint of exactly what mistake you made. Hackers are registering for domain names in English, but ones that come from a different script.
Traditionally, computers accept the Latin form of English, but hackers have managed to bypass that by using Cyrillic English.
According to a report, Google Chrome and Firefox web browsers are falling for the trap set up by the hackers – even those who know their way around phishing and hacking.
Experts say this attack isn’t new, it was first reported in the early 2000s when Paypal’s logo was manipulated. The potential of such attacks was first highlighted by Bruce Schneier, a cyber security expert who works at IBM.
This attack is called IDN Homograph attack.
The Phishing Deja Vu
The main reason why this attack has resurfaced is because Xudong Zheng, a web developer at the small software firm SliceOne, observed a similar pattern of attack and wrote about the same in this blog post.
Xudong Zheng’s blog postZheng created an “apple.com,” (Cyrillic) against the original “apple.com,” (Latin), thereby telling how this form of duping is so effective, without raising an alarm.
Web browsers like Chrome, Firefox and Opera are under the scanner here, for not being able to spot the difference in URLs, leaving them vulnerable to high-level attacks. Not a good sign, especially when Chrome and Firefox are used by the majority of users across the globe.
Zheng reported to Chrome’s security team, winning himself a bounty of $2,000 from Google
But you’d be surprised to know that Apple’s Safari and Microsoft’s Edge are capable of catching the URL changes. Good for them.
Stay Safe, But How?
The URL in the mails look the same, and Chrome and Firefox find it hard to tell which one is the real deal. So, how does one make sure that they don't fall prey to such attacks?
Tips to Stay Safe
- Check SSL certificate of website
- On Chrome, click the three dots on the right corner of its window
- Select option More Tools
- Developer tools
- Click of view certificate
Good luck out there!