Today you can be phished after clicking on a link in your email and finding yourself at the website https://аррӏе.com. Your browser will show the green padlock icon, which confirms a secure connection, and will even spell out “Secure” next to it for added reassurance – but it’s still a fake site.
It’s all about the URL, which may look like it reads “apple”, but in fact it consists of Cyrillic characters spelled as A, R, R, stroke, E. While the site’s security certificate is real enough, it only confirms that you have a secure connection to аррӏе.com; it does not ensure that you’re connected to a legitimate site.
As you can see, there is a problem with the way domain names can be registered and displayed. Previously, domain names could only be written in Latin characters without diacritics, but now it is possible to write them in other alphabets as well. This opens up a whole new avenue of misdirection for malicious actors, who can find characters in other alphabets that look similar to Latin ones in order to mislead users. This is known as a homograph attack, where the difference between the legitimate and fake domains may not be obvious at first glance.
However, some browsers may recognize such tricks and display the underlying domain name if they sense mischief. They usually reject any domain name containing more than one alphabet – but in our case, that doesn’t work because it is entirely written in the same alphabet.
Apple’s Safari and Microsoft’s Edge detect this domain as a fraud, but Google Chrome and Mozilla Firefox do not and display the Cyrillic domain name instead, which, when written in the sans-serif typeface those browsers use by default, leaves the two domains indistinguishable.
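The check described above, written out as an added example that is not part of the original article: each label is converted to the punycode form the DNS actually resolves, the browsers' mixed-script rule is applied, and the whole-script case that rule misses is caught by mapping Cyrillic look-alikes onto Latin letters. The confusables table is a constructed subset of Unicode's UTS #39 list, and the function names are this example's own.

```python
import unicodedata

# Constructed subset of the UTS #39 confusables: Cyrillic letters whose
# glyphs match Latin ones in common sans-serif fonts (not the full list).
CYRILLIC_TO_LATIN = {
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "у": "y",
    "х": "x", "ӏ": "l", "і": "i", "ј": "j", "ѕ": "s", "һ": "h",
}

def script_of(ch: str) -> str:
    """Coarse script classification from the Unicode character name."""
    name = unicodedata.name(ch, "")
    if "CYRILLIC" in name:
        return "Cyrillic"
    if "LATIN" in name or ch in "-0123456789":
        return "Latin"
    return "Other"

def to_punycode(label: str) -> str:
    """A-label as the resolver sees it: RFC 3492 punycode with 'xn--'."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def analyze_label(label: str) -> dict:
    label = label.lower()
    scripts = {script_of(c) for c in label} - {"Other"}
    # Replace every confusable glyph by the Latin letter it resembles.
    skeleton = "".join(CYRILLIC_TO_LATIN.get(c, c) for c in label)
    # Mixed-script rule (what the browsers check): more than one script.
    mixed = len(scripts) > 1
    # Whole-script confusable (what the rule misses): one non-Latin script,
    # yet every glyph maps onto an ASCII letter, so it renders as Latin.
    whole = scripts == {"Cyrillic"} and skeleton.isascii() and skeleton.isalpha()
    return {"unicode": label, "punycode": to_punycode(label),
            "mixed_script": mixed, "whole_script_confusable": whole,
            "looks_like": skeleton}

def analyze_domain(domain: str) -> list:
    """Per-label report for a dotted domain name."""
    return [analyze_label(part) for part in domain.split(".")]

if __name__ == "__main__":
    for report in analyze_domain("аррӏе.com"):   # the article's domain
        print(report)
```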
The problem with this particular domain was reported to Chrome and Firefox back in January, after which Google decided to release a fix at the end of April. However, Mozilla declined to take any action, saying that it was Apple’s responsibility to check for whole-script homographs and register them.
Security experts admit that the usual advice to web users won’t prevent the theft of credentials. They believe that the best response for site administrators is to assume the theft has happened and take adequate measures to identify account takeover – for example, detecting attempts to access an account from an unusual device or an unusual geolocation, or abnormal activity within the account.
Friday, April 21st, 2017
posted by (2017-04-21 18:44:13)
But the question is: can we land on this website if we do an Apple search on Google or elsewhere? As it uses different grammar, I doubt Google will find it as a potential result, right?
posted by (2017-04-22 06:22:10)
Who writes this shit? Can't understand a thing!
WHAT does this crapsite do? Where does it resolve to?
Well, they are aiming for the bottom, dumbest and most easily fooled 15% of computer users worldwide.
How can they not win with this dumb ploy with a near 100% hit rate?
"You can fool some of the people all of the time, and all of the people some of the time, but you can not fool all of the people all of the time." lol
It has nothing to do with being dumb or easily fooled.
Each person is his own judge.
I believe that there is a list of people who have continually fallen for phishing scams. I think they look for older people who aren't as tech-savvy as younger users and, of course, those users who have fallen prey to scams like this before.
Just like email marketers have lists of people who buy from them, I think there are phishing lists to be bought and sold by those nefarious people who run those scams. I don't know that I'd call those people "dumb", per se. Usually, it's just people who aren't completely tech-savvy who fall for things that other people would see immediately as being "not right". There have been many times I've had my older family members call me to say "Microsoft sent me a message on my screen telling me I had a virus and I needed to call them so they could fix it." In reality, it was a scam pop-up with an 800 number to call. But my family members weren't sure, and had I not been around to answer their question, they might have called "Microsoft" and given them money or whatever info they'd asked for.
All fools are easily parted from their money.
Coyote is always out there waiting, and Coyote is always hungry.