Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

This is a public service announcement which we consider urgent and in the interests of the broader online community. A phishing attack is being discussed in the security community today that allows an attacker to register a domain that the web browser's location bar renders identically to a known safe domain. Such a domain can be used to launch phishing attacks that trick you into handing over your username and password.

This attack makes it impossible to tell whether you are on a safe site or a malicious site by reading the hostname in your browser's location bar. The padlock icon does not help either: the attacker legitimately owns the look-alike domain and can obtain a valid TLS certificate for it. This affects the current versions of Chrome and Firefox.

Update from Wordfence, April 19th at noon Pacific time: Chrome has just released version 58.0.3029.81. We have confirmed that this resolves the issue: our ‘epic.com’ test domain no longer shows as ‘epic.com’ and displays the raw punycode instead, which is ‘www.xn--e1awd7f.com’, making it clear that the domain is not ‘epic.com’. We encourage all Chrome users to update to the above version of Chrome immediately. The original post follows:

This is a Wordfence public service security announcement for all users of Chrome and Firefox web browsers:
There is a phishing attack that is receiving much attention today in the security community.

As a reminder: a phishing attack is when an attacker sends you an email containing a link to a malicious website. You click on the link because it appears to be trustworthy. Merely visiting the website may infect your computer, or you may be tricked into signing into the malicious site with credentials from a site you trust. The attacker then has your username, password and any other sensitive information they can trick you into providing.

This variant of a phishing attack uses Unicode to register domains that look identical to real domains. Internationalized domain names are registered in their ASCII "punycode" form (a label beginning with xn--), and the browser converts that form back to Unicode characters for display. Several Cyrillic letters (for example а, е, о, р, с) are drawn with exactly the same glyphs as Latin letters, so a label made entirely of such Cyrillic letters renders as its Latin look-alike. Because both Chrome and Firefox displayed the Unicode form whenever every character in a label came from a single script, the fake domain was shown in the location bar exactly like the real one. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.

This affects the current version of the Chrome browser, which is version 57.0.2987, and the current version of Firefox, which is version 52.0.2. Firefox users can force punycode display by setting network.IDN_show_punycode to true in about:config. This does not affect Internet Explorer or Safari, which already display the punycode form for such domains.
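As an added example (not Wordfence's code and not part of the original announcement), the following Python script shows both halves of the problem described above: it converts a hostname to the punycode form that Chrome 58 now displays, and it applies a display rule equivalent to Chrome's fix, showing punycode for any label that is entirely Cyrillic letters with Latin look-alikes, or that mixes scripts. The look-alike table is an assumed subset covering the letters the epic.com demonstration relies on; a production checker would use the full Unicode confusables data.

```python
"""Homograph check for IDN hostnames (added example, not Wordfence's code)."""
import unicodedata

# Assumed subset of Cyrillic letters whose glyphs match Latin letters in
# common fonts. Keys are the Cyrillic code points, values the Latin letter
# they impersonate.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a",  # а
    "\u0441": "c",  # с
    "\u0435": "e",  # е
    "\u043e": "o",  # о
    "\u0440": "p",  # р
    "\u0445": "x",  # х
    "\u0443": "y",  # у
    "\u0456": "i",  # і
    "\u0458": "j",  # ј
    "\u0455": "s",  # ѕ
    "\u04bb": "h",  # һ
    "\u0501": "d",  # ԁ
    "\u051b": "q",  # ԛ
    "\u051d": "w",  # ԝ
    "\u04cf": "l",  # ӏ (palochka)
}


def script_of(ch: str) -> str:
    """Script prefix of the character's Unicode name ("LATIN", "CYRILLIC", ...).
    Digits and hyphens are valid in any label, so they count as "COMMON"."""
    if ch.isascii() and (ch.isdigit() or ch == "-"):
        return "COMMON"
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def to_ace(hostname: str) -> str:
    """Punycode (ASCII Compatible Encoding) form via the built-in idna codec,
    e.g. www.еріс.com -> www.xn--e1awd7f.com; pure-ASCII labels are unchanged."""
    return hostname.encode("idna").decode("ascii")


def classify_label(label: str) -> str:
    """'mixed-script' if letters from two scripts are combined, 'whole-script-confusable'
    if every letter is a Cyrillic Latin look-alike, otherwise 'ok'."""
    scripts = {script_of(c) for c in label} - {"COMMON"}
    if len(scripts) > 1:
        return "mixed-script"
    if scripts == {"CYRILLIC"} and all(
        script_of(c) == "COMMON" or c in CYRILLIC_LOOKALIKES for c in label
    ):
        return "whole-script-confusable"
    return "ok"


def analyze(hostname: str) -> dict:
    """Decide how a browser applying Chrome 58's rule should display the hostname."""
    labels = hostname.lower().split(".")
    verdicts = [classify_label(label) for label in labels]
    if "mixed-script" in verdicts:
        verdict = "mixed-script"
    elif "whole-script-confusable" in verdicts:
        verdict = "whole-script-confusable"
    else:
        verdict = "ok"
    ace = to_ace(hostname)
    lookalike = None
    if verdict == "whole-script-confusable":
        # The Latin domain a user would believe they are looking at.
        lookalike = ".".join(
            "".join(CYRILLIC_LOOKALIKES.get(c, c) for c in label) for label in labels
        )
    return {
        "ace": ace,
        # Safe labels keep their Unicode form; confusable ones fall back to punycode.
        "display": hostname if verdict == "ok" else ace,
        "verdict": verdict,
        "lookalike_of": lookalike,
    }


if __name__ == "__main__":
    # Constructed inputs: the real epic.com, the Cyrillic look-alike, and a
    # mixed-script label with a single Cyrillic 'а'.
    for host in ["www.epic.com", "www.\u0435\u0440\u0456\u0441.com", "p\u0430ypal.com"]:
        print(analyze(host))
```

Run against the Cyrillic ‘еріс.com’ test domain, analyze() returns the same ‘www.xn--e1awd7f.com’ string the updated Chrome now shows, together with the Latin domain it impersonates. The same function is a reasonable first-pass filter for mail gateways or link scanners: anything that comes back as other than "ok" deserves a closer look before a user ever sees it.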

For more details visit the Wordfence website.
