Chrome, Firefox, and Opera Vulnerable to Undetectable Phishing Attack

(3 posts) (2 voices)

mikiem2
Moderator

bleepingcomputer[.]com/news/security/chrome-firefox-and-opera-vulnerable-to-undetectable-phishing-attack/

This is basically the same idea that led many sites & forums to not allow shortened URL links -- click the link & you don't know where you're headed. Same goes for any link where you don't see the full URL on the web page or in an email -- in that case we rely on the integrity of the page or email, & that it's not been hacked or forged etc.

In this case they're relying on Unicode characters that look like those in the regular roman character set, so hovering over a link, then checking the address that shows up at the bottom left of Firefox for example, won't help.

Fixes are supposed to be on the way.

Posted 7 years ago #
Suze
Member

Many thanks for the heads-up, mikiem2! It's getting harder to be able to distinguish between phishing and not.

Posted 7 years ago #
mikiem2
Moderator

Chrome has been patched or fixed. The folks behind Firefox OTOH elected not to... long story short, they apparently feel that blocking this particular misuse of Unicode characters would also hurt Firefox users who need things to work the way they do now. They say if the risk bothers you, start Firefox in its Safe Mode. [insert sound of Raspberry here]

Posted 7 years ago #

Reply

You must log in to post.