Wordfence Security just issued an alert Friday, April 14, 2017 regarding an insidious phishing attack that uses the Chrome and Firefox browsers.
This does not affect Internet Explorer or Safari at this time.
Evil-doers have figured out how to register a website domain name using special code that makes their web address look exactly like that of an existing legitimate business. But behind its facade, the fake address is actually something like this:
First, let’s define phishing. Everyone that has an email account has at some point received a phishing email.
PHISHING (sounds like ‘fishing’): sending out emails containing links to apparently legitimate websites, but when clicked, the resulting web page and address are something else.
If you receive an email that looks legitimate (but is not) and it asks you to click on a link that looks legitimate (but is not), this is called phishing. Clicking that link will lead you to a website that will either:
- appear like the real website to get you to submit personal information, or
- be something completely different from what you expected, and probably put a virus or malware on your computer.
Either way, when you go to that website you will see that the web address is completely different from what you were led to believe.
So what’s with the ALERT?
With this new trend, everything is the same as I’ve just described, except when you go to the bogus website, it looks like you are at a legitimate website and so does the web address.
These miscreants register a specially coded domain name made up of odd letters and characters, ones borrowed from other alphabets that look just like ordinary letters, so that the address the browser displays appears to be a real domain. Then they create a mirror website that looks exactly like the real one.
The phishing email is sent out and it may ask you to click a link to update your information or something like that. Once you enter that information on their site, they have captured whatever it was and can now do any number of things with it.
So how can you tell if the website is legit? Here’s what Wordfence suggests:
“If you are unsure [whether] you are on a real site and are about to enter sensitive information, you can copy the URL in the location bar and paste it into Notepad on PC or TextEdit on Mac. [If it is a fake domain, it should appear as the https://xn--…..] Otherwise it will appear as the real domain… if it is the real thing.”
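The Notepad trick in the Wordfence quote works because the browser shows you a decoded, human-readable address while the address it actually looks up is the ASCII form beginning with "xn--" (Punycode). The Python script below is an added example written for this page; it is not code from the original post or from Wordfence. It performs the same comparison programmatically on a few constructed sample links (the look-alike hostnames are made up for illustration and are not real phishing domains), and adds a second heuristic that flags any label mixing letters from different alphabets.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample links (not from the original post or from Wordfence).
# The second uses a Cyrillic "а" (U+0430) in place of the Latin "a"; the
# third is an all-Cyrillic label.  Both are illustrations only.
SAMPLE_LINKS = [
    "https://www.example.com/login",
    "https://ex\u0430mple.com/login",
    "https://\u043f\u0440\u0438\u043c\u0435\u0440.com/",
]


def hostname_to_ace(hostname: str) -> str:
    """Convert a hostname to its ASCII-compatible (Punycode) form.

    This is the form the browser actually resolves.  Pure-ASCII labels come
    back unchanged; a label with any non-ASCII character gets the 'xn--'
    prefix, which is exactly what pasting the URL into a text editor exposes.
    """
    return hostname.encode("idna").decode("ascii")


def ace_to_unicode(ace_hostname: str) -> str:
    """Reverse of hostname_to_ace: how the browser would display the name."""
    return ace_hostname.encode("ascii").decode("idna")


def letter_scripts(label: str) -> set[str]:
    """Heuristic: collect the script (LATIN, CYRILLIC, GREEK, ...) of every
    letter in a label, taken from the first word of its Unicode character
    name.  Digits and hyphens are skipped because they belong to no script."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def inspect_url(url: str) -> dict:
    """Return the displayed hostname, its ACE form and a list of warning flags.

    'punycode'      - at least one label contains non-ASCII characters
    'mixed_scripts' - a single label mixes letters from different scripts
    A label made entirely of look-alike letters from one foreign script is
    NOT mixed, so 'punycode' is the flag that must never be ignored.
    """
    hostname = urlsplit(url).hostname
    if not hostname:
        raise ValueError(f"no hostname in {url!r}")
    ace = hostname_to_ace(hostname)
    flags = []
    if ace != hostname:
        flags.append("punycode")
    if any(len(letter_scripts(label)) > 1 for label in hostname.split(".")):
        flags.append("mixed_scripts")
    return {"hostname": hostname, "ace": ace, "flags": flags}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        result = inspect_url(link)
        verdict = "OK" if not result["flags"] else "WARNING " + ",".join(result["flags"])
        print(f"{link}\n  shown as: {result['hostname']}\n  really:   {result['ace']}\n  {verdict}")
```

Run it as a script to see the three sample links side by side. The all-Cyrillic sample shows why the "xn--" check is the one that matters: every letter comes from a single foreign alphabet, so nothing is "mixed", yet the real address is plainly not the one displayed.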
What should you do?
I am always suspicious of emails that request me to click their link to do something. They could very well be legitimate, and they usually are, but sometimes they are not. So what I do is type the web address in the browser myself and navigate to whatever was mentioned in the email. That way I know I’m going to the real business website. I suggest you do the same.
Clicking a link in email is risky business. But I do click links if it’s in an email I am expecting, or there is something about the email that makes me confident that it is legitimate. Just keep your guard up, especially if it is for your bank, insurance, or anything super important.
Also, remember that these sneaky web addresses only work in Firefox and Chrome. Internet Explorer and Safari will recognize the discrepancy and give you a warning before loading the page. So setting one of those browsers as your default will cause the link to open in them and alert you.
Be safe out there! It’s still the wild, wild web and I don’t see that changing anytime soon.
To learn more, go to https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/