Almost Perfect Phishing Technique Now Active – It’s scary when you can’t believe your own eyes
An almost perfect phishing technique has been publicized and may soon be used by criminals to steal your login credentials. Using a technique called UNICODE encoding, it is possible to create a URL (like https://example123.com) that actually is fake!
To the naked eye, such a URL will look real – and even display the SECURE LOCK symbol in your browser – while actually being a malicious site designed to steal your personal information.
As reported on the WordFence Security blog, this technique can be launched to fool anyone using the Mozilla Firefox or Google Chrome browser. It does not affect Internet Explorer, Microsoft Edge or Safari. The article includes links to a fake site and the corresponding real site. If you are viewing this article using Firefox or Chrome, you will not be able to distinguish between the fake and real URLs when they are displayed! Thankfully, it is perfectly safe to try these links, since the authors of the WordFence Security blog have made it clear which site is fake, and it is not designed to steal any information.
In the case of Mozilla Firefox, there is a manual configuration change that can be made in the browser (see the linked article above in the section: How to Fix this in Firefox) so that the “fake” URL will be revealed for what it is. However, no such solution is available for Google Chrome. Google is aware of this issue and will hopefully be releasing an update to Chrome that will defeat this threat.
Be extremely vigilant over the next few days, because this phishing threat is virtually undetectable.
Jack Eisenberg is the owner of Safe and Secure Computing and regularly monitors cyber security developments such as this one.