Beware of the Latest Phishing Methods that Are Hardest to Detect

Many phishing methods are difficult to detect by popular browsers such as Mozilla, Chrome, Opera, and so on. This method is very dangerous and can harm anyone who is affected by this phishing.

Maybe for those who are not familiar with the terms of the IT world, what is meant by phishing? Phishing itself is simply a hacking technique that leads the victim into a fake site that is usually made as if the site is genuine, so the victim unconsciously enters important information into this site, be it like a social media account, to the worst. enter an account that is used for financial transactions (credit cards or other online payments), which then the hackers managing this phishing site can steal that information.

Now in modern browsers such as Mozilla, Chrome, Opera, etc. there is a bug gap that hackers can use to do this phishing method, which is even difficult to detect even experienced, or by IT experts who are not aware of this method. , even sophisticated antiviruses can't find out. one example you can try to access this site. www.аррӏе.com

Looks like the company's official website is Apple's address, right? Even complete with HTTPS SSL certificates which are usually only used by official sites and have encryption. But unfortunately that site is a fake Apple site because Apple's original site is as the following page. www.apple.com

How can this happen when the domain name of a site on the Internet cannot be duplicated? The answer to the fake site above is actually a site that uses non-standard domain names (Homograph Phishing Attacks) where the original Apple site name is fake above originally written in Chinese, but because of automatic settings in the browser Mozilla, Chrome, Opera, etc., the writing which is supposed to be Chinese or non-standard Latin is automatically changed to Latin so that the result becomes apple.com site too, even though it was a different site.

This bug itself is called Punycode and has been around since 2001, but until now it is still difficult to fix. But for Mozilla browser users can anticipate this phishing attack in the following way.
  • Open a new window, then enter this address: about: config.
  • After the settings open, in the search menu at the very top, write: Punycode.
  • Later Mozilla will show one string of code lines: network.IDN_show_punycode.
  • Change the value of the string that was originally false to true.
  • Close the about: config window and then retest the site again: www.аррӏе.com
After doing the above prevention, you will see the fake apple.com site above will change to invalid.invalid which is the original name of this site before it is automatically changed by the browser to a site with the Latin name apple.com.

Now this is what is meant by modern phishing hacking attacks which are still a scourge in cyberspace because many lay people even to the mastah can even be trapped fake sites like the above so as to provide important data to site owners.
Look!ClosedComment