
This spoof Apple site illustrates the sophistication of today’s phishing attacks

Most phishing attacks – links that send you to a fake website in the hope that you’ll log in with your real credentials – are easy to detect. Emails are often generic, rather than using your registered name. Grammar is poor or the wording is weird. The email will threaten closure of your account if you don’t take urgent action, and so on.

If you did miss all these clues and clicked on the link, the URL would show that it’s not really the site that it claims to be. But one demonstration site created by a Chinese security researcher shows how it’s possible to visit a fake website that seemingly shows the correct https://www.apple.com URL in a browser window …

The trick employed by the site is to use Unicode characters that look the same as the appropriate ASCII characters for the site impersonated, explains researcher Xudong Zheng.

It is possible to register domains such as “xn--pple-43d.com”, which is equivalent to “аpple.com”. It may not be obvious at first glance, but “аpple.com” uses the Cyrillic “а” (U+0430) rather than the ASCII “a” (U+0061). This is known as a homograph attack.

Safari isn’t fooled by this, but Chrome, Firefox and Opera all are. You can see this for yourself by using any of them to visit https://www.xn--80ak6aa92e.com (this is perfectly safe, it’s a site created by Zheng as a proof of concept). In Safari, you’ll see this URL as it appears here – but in the other browsers it will look exactly like https://www.apple.com.
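
A defensive check for the two hostnames above, as an added example that is not from the original article or from Zheng: it Punycode-decodes each "xn--" label and flags labels that mix scripts or are built entirely from non-Latin look-alikes. The function names and the LOOKALIKES table are assumptions made for illustration; the table is a small constructed subset, not the full Unicode confusables data.

```python
import unicodedata

# Constructed subset of Cyrillic-to-Latin look-alikes (assumption for this
# example); a production check would use the full UTS #39 confusables data.
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u04cf": "l"}


def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- (Punycode) labels."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def inspect_host(host):
    """Decode every label of a hostname and report the non-ASCII ones."""
    findings = []
    for raw in host.rstrip(".").split("."):
        uni = decode_label(raw)
        if uni.isascii():
            continue  # plain ASCII label, nothing to flag
        # Map known look-alikes to ASCII to see what the label imitates.
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in uni)
        used = scripts(uni)
        if len(used) > 1:
            verdict = "mixed-script"            # e.g. Cyrillic "а" + Latin "pple"
        elif skeleton.isascii():
            verdict = "whole-script-lookalike"  # every character imitates ASCII
        else:
            verdict = "non-ascii"               # legitimate IDN or unknown characters
        findings.append({"label": raw, "unicode": uni, "scripts": sorted(used),
                         "skeleton": skeleton, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for host in ("www.apple.com", "xn--pple-43d.com", "www.xn--80ak6aa92e.com"):
        print(host, inspect_host(host))
```

The same decode-then-compare step can run in a mail gateway or proxy log pipeline, so that links are judged on the decoded label rather than on what a browser chooses to render.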

Of course, to take full advantage of the exploit a phisher would have to make the email directing you there look as convincing as the site, but many people are fooled by even halfway-convincing emails.

The trick strengthens the usual advice: always visit websites from your own bookmarks or by typing the URL, never from a link in an unexpected email, even if it appears to be from someone you know.

Phishing was one of two methods used to obtain the iCloud logins used in the celebrity nudes attack back in 2014.

