Recently, a security researcher has demonstrated a scary phishing attack which is almost impossible to detect.
This attack seems impossible to detect!
This Phishing Attack Is Impossible To Detect!
It Can Even Fool You
Lets first talk about Punycode.
It is a way to represent Unicode within a limited character subset of ASCII used for internet host names.
This method helps register domain names with foreign characters.
Like the domain name xn–s7y.co is same as .co.
Well, recently, a security researcher has demonstrated a scary phishing attack which is almost impossible to detect.
Well, the concept of this scary attack is old.
These browsers instead of showing Unicode characters shows normal characters.
Showing up the normal characters instead of Unicode makes it impossible to detect the notorious domains.
In the above image, you will see apple.com.
Here apple.com uses Cyrillic a (U+0430), instead of the ASCII a (U+0041).
This pop in of phishing attack is also known as homograph attack.
Well, this attack seems impossible to detect!
The bug was reported on January 20, 2017.
The fix has already landed on Chrome canary net surf tool.
It will be rolled out in Chrome 58 which is expected to arrive next week.
Firefox users can go toabout: configand then on in configs turnnetwork.IDN_show_punycodeto true.
If you want to know more about this attack you could read Xudong Zhengsblog post.
So, what do you think about this?
Share your views in the comment box below.
