Good Morning,
a colleague of mine just send me a link "xn--80ak6aa92e .com" Which sends you to an "apple.com" webside. This looks like the normal apple website in the URL but a few characters will be convertet from Cyrillic to "normal" letters and so the url looks legit at first sight.
Just wanted to let you know about this. Have a fine and save day fellow lurkers.
1 Like
Novasty
Split this topic
April 20, 2017, 2:27pm
2
Yea this is pretty damn scary phishing attack.
We also have another discussion about the same issue here:
Can you tell which of these domains are fake?
[image]
This phishing attack displays the domains identically to legitimate websites in Chrome and Firefox, the fake domain in question is actually https://xn--e1awd7f.com but will display as https://www.epic.com in the address bar of both Firefox and Chrome.
How does this work?
The xn-- prefix is what is known as an ‘ASCII compatible encoding’ prefix. It lets the browser know that the domain uses ‘punycode’ encoding to represent Unicode characters. In non-techie speak, this means that if you have a domain name with Chinese or other international characters, you can register a domain name with normal A-Z characters that can allow a browser to represent that domain as international characters in the location bar.
What we have done above is used ‘e’ ‘p’ ‘i’ and ‘c’ unicode characters that look identical to the real characters but are different unicode characters. In the current version of Chrome, as long as all characters are unicode, it will show the domain in its internationalized form.
At the moment there is a manual fix for this in Firefox and Chrome is currently working on one that is currently in their Canary release:
go to about:config in the address bar
search for 'punycode'
change network.IDN_show_punycode from false to true
Source:
3 Likes