I just read an article on ghacks.net concerning punycode which can be used to obfuscate a URL in order to make it appear like the real one even when it's a secure site. Here's the link to the article.
In the second paragraph there's a link to what looks like apple.com complete with https:// and digital certificate. If you hover the mouse over it you'll also see it written the same way bottom left of Firefox, but click the link and you'll end up somewhere completely different.
To prevent a phishing attack that uses punycode, set network.IDN_show_punycode to true in about:config. It will also reveal the real URL the link will take you to bottom left of FF afterwards.
Punycode phishing attack will have you fooled
- Reflective
- Posts: 2283
- Joined: February 15th, 2007, 11:13 am
- Happy112
- Posts: 485
- Joined: April 15th, 2017, 10:25 am
- Location: Never-Never-Land
Re: Punycode phishing attack will have you fooled
Hi Reflective,
Good for you to spot this!
Here's a link to a thread on Mozilla's support forum about this subject:
https://support.mozilla.org/t5/Firefox/ ... -p/1391072
- LIMPET235
- Moderator
- Posts: 39956
- Joined: October 19th, 2007, 1:53 am
- Location: The South Coast of N.S.W. Oz.
Re: Punycode phishing attack will have you fooled
Hi,
It does not affect v20 for some reason. It cannot find the server or load the page.
A mouse-over the 2 posted apple.com link/s reveals the phony site
thusly > "http://xn--pple-43d.com" or > "https://www.xn--80ak6aa92e.com/"
Plus...
There's another/earlier thread on the subject.
> http://forums.mozillazine.org/viewtopic ... &t=3029518
[Ancient Amateur Astronomer.]
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.
(Always choose the "Custom" Install.)
- Reflective
- Posts: 2283
- Joined: February 15th, 2007, 11:13 am
Re: Punycode phishing attack will have you fooled
Sorry, didn't see the other one. Maybe you can merge this thread with that.
LIMPET235 wrote:
Hi,
It does not affect v20 for some reason. It cannot find the server or load the page.
A mouse-over the 2 posted apple.com link/s reveals the phony site
thusly > "http://xn--pple-43d.com" or > "https://www.xn--80ak6aa92e.com/"
Plus...
There's another/earlier thread on the subject.
> http://forums.mozillazine.org/viewtopic ... &t=3029518
- LIMPET235
- Moderator
- Posts: 39956
- Joined: October 19th, 2007, 1:53 am
- Location: The South Coast of N.S.W. Oz.
Re: Punycode phishing attack will have you fooled
I checked the time lines & was not sure if the resultant merged posts would be too confusing, so left it/them as is.
[Ancient Amateur Astronomer.]
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.
(Always choose the "Custom" Install.)
- dickvl
- Posts: 54161
- Joined: July 18th, 2005, 3:25 am
Re: Punycode phishing attack will have you fooled
Note that in these cases Cyrillic characters that look similar to the Latin characters are used.
аррӏе = аррӏе
https://en.wikibooks.org/wiki/Unicode/C ... /0000-0FFF
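As an added example (not part of the original thread, and not Firefox's own logic), this Python code decodes the `xn--` labels of the two hostnames quoted earlier in the thread and reports which scripts each label uses. The function names and verdict strings are assumptions made here, and taking the script from the first word of the Unicode character name is an approximation.

```python
import unicodedata
from urllib.parse import urlsplit

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isdigit() or ch == "-":
        return None  # digits and hyphens are shared by every script
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def decode_label(label):
    """Return the Unicode form of one DNS label (decodes the xn-- ACE form)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def inspect_host(url):
    """Decode every label of the URL's host and classify it (hypothetical verdicts)."""
    host = urlsplit(url).hostname or ""
    findings = []
    for label in host.split("."):
        try:
            text = decode_label(label)
        except UnicodeError:
            # Malformed punycode: report it rather than guessing.
            findings.append((label, label, [], "invalid-punycode"))
            continue
        scripts = sorted({s for s in map(script_of, text) if s})
        if len(scripts) > 1:
            verdict = "mixed-script"   # e.g. Cyrillic letter inside a Latin word
        elif scripts and scripts != ["LATIN"]:
            verdict = "non-latin"      # review if it reads like a Latin brand name
        else:
            verdict = "ok"
        findings.append((label, text, scripts, verdict))
    return findings

if __name__ == "__main__":
    # Hostnames as quoted in the thread.
    for url in ("http://xn--pple-43d.com", "https://www.xn--80ak6aa92e.com/"):
        for label, text, scripts, verdict in inspect_host(url):
            codepoints = " ".join(f"U+{ord(c):04X}" for c in text)
            print(f"{label:18} {verdict:13} {scripts} {codepoints}")
```

A legitimate Cyrillic-only domain also gets the "non-latin" verdict, so treat that result as a prompt to compare the decoded label against the brand it resembles, not as proof of phishing.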
- LIMPET235
- Moderator
- Posts: 39956
- Joined: October 19th, 2007, 1:53 am
- Location: The South Coast of N.S.W. Oz.
Re: Punycode phishing attack will have you fooled
Please use the other thread...
> http://forums.mozillazine.org/viewtopic ... &t=3029518
Locking as duplicate.
[Ancient Amateur Astronomer.]
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.
(Always choose the "Custom" Install.)