• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 11th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Cyber Crime
Phishing Scam

Beware; Sophisticated Phishing Attacks Using Unicode Characters

April 19th, 2017 Jahanzaib Hassan Cyber Crime, Phishing Scam, Scams and Fraud, Security 0 comments
Beware; Sophisticated Phishing Attacks Using Unicode Characters
Share on FacebookShare on Twitter

Google Chrome, Mozilla Firefox, and Opera browsers are known for their tight security measures, yet they are often targeted by malicious actors because of the fact that these are the most used browsers worldwide. As a result of the tight security measures, hackers have come up with a new technique to target users with a highly sophisticated phishing scam using “Unicode characters.”

The Perfect Phishing attack

A phishing attack usually depends on two things: a perfect disguise and somewhat the ignorance of users. But not this one as hackers are now faking popular domains like Apple, Google, or eBay on their own fraudulent websites. Hackers are even able to get the little “Secure” green bar for their fraudulent websites making the attack even more sophisticated.

If a user is on to one of these malicious sites, practically there is no way of telling that they are fake, and users can be easily fooled to put their credentials on the fake domain.

Nearly Impossible to detect

According to Mr. Xudong Zheng, a security researcher, Google Chrome has a dangerous new vulnerability that makes phishing attacks almost impossible to detect.”

He further added, “It becomes impossible to identify the site as fraudulent without carefully inspecting the site’s URL or SSL certificate.”

The Flaw-explained in Layman terms

According to security researchers, the flaw exists because of the inability of an encoder “Punycode” to render some character sets properly.

A Chinese character “a” and a Latin character “a” are rendered differently in the web-browser, however, on the surface bot, the characters look like a simple “a” in the URL bar, and this flaw can be easily exploited by hackers.

Mr. Xudong showed this critical flaw by creating a fake version of “Apple.com” website by using the domain name “xn--80ak6aa92e.com”. He chose foreign language characters and took advantage of the rendering mechanism of Chrome browser.


A relief

Mr. Zheng reported this flaw to the tech giants in January, and since then, the tech giants have been working on a possible patch to cope with this flaw. Google officials have already fixed this flaw in the latest beta release “Chrome Canary 59, ” and the update will be available worldwide on April 25th.

However, the same thing can not be said for the Firefox browser as the flaw has not been patched on it yet. But here is a temporary solution for Firefox:

* In the URL bar type “about: config” and press enter.

* Then, type “punycode” in the search bar of the browser.

* Now search for “network.IDN_show_punycode and change the value of it from false to True.

Until an official patch is released by the browsers, users are advised to type in the URLs manually and also to double check the website for any suspicious activity before putting in sensitive information.


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

  • Tags
  • Apple
  • Chrome
  • Cyber Crime
  • Firefox
  • Google
  • hacking
  • internet
  • Opera
  • Phishing
  • Phishing Scam
  • Privacy
  • security
Facebook Twitter LinkedIn Pinterest
Previous article Are Drones an invasion of privacy?
Next article Tons of Apps on Google Play Store Infected with BankBot Malware
Jahanzaib Hassan

Jahanzaib Hassan

Related Posts
2 scraped LinkedIn databases with 500m and 827m records sold online

2 scraped LinkedIn databases with 500m and 827m records sold online

Hackers leak data, 600k card info from Swarmshop cybercrime forum

Hackers leak data, 600k card info from Swarmshop cybercrime forum

Unpatched vulnerable VPN servers hit by Cring ransomware

Unpatched vulnerable VPN servers hit by Cring ransomware

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
2 scraped LinkedIn databases with 500m and 827m records sold online
Cyber Crime

2 scraped LinkedIn databases with 500m and 827m records sold online

Facebook ads dropped malware posing as Clubhouse app for PC
News

Facebook ads dropped malware posing as Clubhouse app for PC

Hackers leak data, 600k card info from Swarmshop cybercrime forum
Cyber Crime

Hackers leak data, 600k card info from Swarmshop cybercrime forum

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us