Chances are you and your employees use one or more of these very popular web browsers: Chrome, Firefox, and Opera. If so, you need to know about a very dangerous phishing attack that’s currently making its rounds. It’s dangerous because it’s nearly impossible to detect by even the savviest Internet users. Hackers are using it to collect sensitive information from users such as login and financial credentials.
How This Phishing Attack Works
In general, when a hacker uses a phishing attempt, they create web pages and send emails that are very close to the color, feel, and style of legitimate institutions. For example, a bank or other financial institution. When a user thinks they are verifying their bank account number or logging into their account, they’re actually giving it to hackers. No legitimate institution will ask you for sensitive information via an unsolicited email. If you look closely, you will see oddities in the web address URL or the from email address.
With this phishing attempt, however, you most likely will see nothing different than what you’d expect, even if you look closely. The reason is, they are using Unicode characters from foreign alphabets such as Greek or Cyrillic to hide their malicious web pages behind legitimate names. These characters are very close to their Latin alphabet counterparts by sight, but treated differently by your computer. For example, they may use a Cyrillic “а“ as opposed to the Latin “a”. Virtually impossible to tell apart, even when you know to look. Look at this example created by the Chinese researcher who discovered the attack, Xudong Zheng. If you see “apple.com” in the url when you click the link, your web browser is vulnerable to the attack.
Help is on the Way
Mozilla is working on a fix for Firefox and Google is set to release an updated browser at the end of the month for Chrome to address this weakness. In the meantime, if you are a Firefox user, follow these steps:
- Type about:config in your address bar. Hit enter.
- In the search bar, type Punycode.
- Look for the parameter titled: network.IDN_show_punycode. Right click and select Toggle to change the value from False to True.
Unfortunately, there isn’t a temporary fix like this for Chrome or Opera.
Protect Your Business Against These Attacks
The best way to protect you and your employees from homograph attacks like this is by using a reputable password manager for all logins. It will store your usernames and passwords and authenticate each user automatically when a site is visited. These managers can detect sites that look legitimate but aren’t and won’t auto-populate your login credentials. Also train your employees to always manually type in the web addresses for sites dealing with sensitive information: email, social media, banking and other financial sites, etc. Don’t click on links sent in emails to access them. Finally, take advantage of our FREE security assessment for your business and consider utilizing managed IT services. This includes 24/7 system monitoring, so you know your business data remains secure.
Hackers are becoming increasingly more sophisticated in their methods to steal your sensitive information. It’s crucial to stay informed and keep yourself protected from the latest attacks. Use this guide for you and your employees to avoid homograph phishing attacks. Contact Us for your FREE security assessment and to find out how managed IT services will keep your business data secure.