Chrome and Firefox Phishing Attack
Very important for anyone using Chrome or Firefox as their primary Internet browser!
There is a new phishing attack that is receiving a lot of attention today in the security community. This attack can use domain names that look identical, in the browser's location bar, to those of known safe websites.
As a reminder:
In a phishing attack, an attacker sends you an email that contains a link to a malicious website. You click on the link because it appears to lead to a trusted site. Simply visiting the website may infect your computer, or you may be tricked into signing into the malicious site with credentials from a site you trust. The attacker then has your username, password and any other sensitive information they can trick you into providing.
This variant of a phishing attack uses Unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing their login credentials to an attacker. This affects the current version of the Chrome browser, which is version 57.0.2987, and the current version of Firefox, which is version 52.0.2. It does not affect Internet Explorer, Microsoft Edge or Safari.
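As an added example (not code from the original post), the Python below shows what is happening underneath the look-alike domain. A browser sends the ASCII "punycode" form of an internationalised domain name to DNS, but by default displays the Unicode form, so a label whose first letter is the Cyrillic "а" (U+0430) renders like "apple" while actually resolving as "xn--pple-43d". The sample hostnames are constructed for this demonstration, and the script check is a stdlib approximation (Python has no Unicode Script property, so the first word of each letter's character name is used as a proxy); it flags the mixed-script pattern described above without blocking legitimate single-script IDNs.

```python
import unicodedata

# Constructed sample hostnames for this demonstration (not from the original post).
# "\u0430" is CYRILLIC SMALL LETTER A, which most fonts draw exactly like Latin "a".
SAMPLE_HOSTNAMES = [
    "example.com",          # plain ASCII label
    "\u0430pple.com",       # first letter Cyrillic, rest Latin: a look-alike
    "b\u00fccher.example",  # legitimate German IDN (ü), single script
]


def to_punycode(hostname: str) -> str:
    """Return the ASCII-compatible form that DNS actually resolves, which is
    also what Firefox shows once network.IDN_show_punycode is set to true."""
    return hostname.encode("idna").decode("ascii")


def from_punycode(hostname: str) -> str:
    """Reverse the encoding: the Unicode text a browser displays by default."""
    return hostname.encode("ascii").decode("idna")


def letter_scripts(label: str) -> set:
    """Approximate the writing systems used by the letters in one label.
    The first word of the Unicode character name (LATIN, CYRILLIC, GREEK, ...)
    stands in for the Script property, which the stdlib does not expose."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def inspect_hostname(hostname: str) -> dict:
    """Report which labels are not pure ASCII and which of those mix scripts.
    A label that mixes scripts is the pattern behind look-alike domains;
    a non-ASCII label in a single script is usually an ordinary IDN."""
    labels = hostname.split(".")
    non_ascii = [lab for lab in labels if not lab.isascii()]
    mixed = [lab for lab in non_ascii if len(letter_scripts(lab)) > 1]
    return {
        "hostname": hostname,
        "punycode": to_punycode(hostname),
        "non_ascii_labels": non_ascii,
        "mixed_script_labels": mixed,
        "looks_like_homograph": bool(mixed),
    }


if __name__ == "__main__":
    for host in SAMPLE_HOSTNAMES:
        report = inspect_hostname(host)
        print(f"{host!r:>24} -> {report['punycode']:<24} "
              f"mixed_script={report['looks_like_homograph']}")
```

Running the block prints one line per sample hostname with its punycode form and whether the label mixes scripts; the same two functions can be dropped into a mail-gateway or proxy log review to surface links whose displayed hostname and resolved hostname differ.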
What Can You Do?
Currently we are not aware of a manual fix in Chrome for this. Google has already released a fix in Chrome's 'Canary' release, which is its test channel. This release should be available to the general public within the next few days.
For Firefox, do this:
1. In your Firefox location bar, type 'about:config' without the quotes.
2. Do a search for 'punycode' without quotes.
3. You should see a preference named: network.IDN_show_punycode
4. Change the value from false to true. Firefox will then show the ASCII (punycode) form of such domains in the location bar instead of the look-alike Unicode characters.
Unfortunately this attack makes it impossible to tell whether you are on a safe site or a malicious site just by looking at the location bar in your browser. Until Firefox and Chrome fix their vulnerabilities you need to be ever vigilant. Please manually check for updates to your chosen browser until this is resolved.
Wordfence Security has published a public service announcement that provides a working demonstration using a health care website. It also explains how to fix the issue if you use Firefox and what to do if you are using Google Chrome.
You can find the full post on their blog…