This is very important announcement specially to all internet users who love to shop online. There's a new tactics that might get you caught to become one of the victims of this "near impossible" to detect Phishing Attack with unicode domains.

Near impossible to detect Phishing Attack on Chrome, Firefox and Opera

According to a Chinese web developer, Xudong Zheng, he unveal the possibilities that maybe one day you might encounter a website that's look like legit company because of its original URL, logo, and layout design but without being aware you'll end up to be deceived. He warned everyone that hackers can use a known vulnerability on web browser through a unicode domains.

How? Zheng posted on his blog the complete explanation about the "Unicode Domains" with example of the said "near impossible" to know if the website is real or fake. He showed the demo website showing the exactly the same domain name with security (SSL) as well.

Sad to say but the three commonly used website browsers that vulnerable for this kind of phishing attack are Chrome, Firefox and Opera. While the Internet Explorer and Safari are fortunately not vulnerable.

Zheng already reported the "bug" to the Chrome and Firefox on January 20, 2017. The Chrome team already addressed the issue and fix will be available around April 25, but the Firefox team was remain undecided about the said report.

But don't be afraid, because there's a fix for this issue. And to limit the exposure of this Unicode characters bug on the Firefox browser, you have to follow the instruction below.

1. Copy this text 'about:config' and paste to the Firefox address bar then ENTER
2. Search this text 'network.IDN_show_punycode'
3. Double click the searched text to become 'TRUE'

With this small but very helpful solution, you'll be easily to identify malicious domains or websites.

Zheng advised this, "A simple way to limit the damage from bugs such as this is to always use a password manager. In general, users must be very careful and pay attention to the URL when entering personal information. I hope Firefox will consider implementing a fix to this problem since this can cause serious confusion even for those who are extremely mindful of phishing."

FYI! Phishing attack is when an attacker sends you an email that contains a link to a malicious website.

What do you think on "unicode domains"?  Please use the comment box below and share your thoughts below.

Reference Source(s): Link
Image From:
Edited by: