Phishing attack warning – a new phishing attack is making fake websites look like legitimate ones to spread viruses and/or steal personal data.

A phishing attack is when an attacker sends you an email that contains a link to a malicious website. You click on the link because it appears genuine. However, visiting the website may infect your computer or you may be tricked into signing into the malicious site with credentials from a trusted site. The attacker then has access to your username, password and any other sensitive information they can trick you into providing.

The latest phishing attack takes advantage of Unicode text to make fake websites look genuine.

How does this work?

Unicode has letters that appear to be normal A-Z English characters, but to the computer they are different. Punycode technology allows the browser to recognise the difference and display the characters in the local language. This is required for countries with non-traditional alphabets that wish to register a domain that contains A-Z characters but renders in their local language

Attackers are exploiting this technology and using the “xn—“ prefix to create web domains. The prefix tells browsers that the domain uses ASCII compatible encoding. The browser then displays the URL in the local language. For example:

https://www.xn--80ak6aa92e.com will display as https://www.apple.com.

If the content of the fake website mirrors the genuine site it is easy for people to not be suspicious and provide sensitive information.

How to prevent this happening?

Internet Explorer and Safari

This does not affect Internet Explorer or Safari browsers.

Google Chrome

If you use Google Chrome you must update to the latest version (58.0.3029.81) which has been updated to show the real domain name and not the fake name.

Firefox

In your Firefox location bar, type: about:config

Do a search for: punycode

You should see a parameter titled: network.IDN_show_punycode

Change the value from false to true

To help protect yourself from cyber attack always update your software to the latest versions which have the latest security bug fixes.

For help or queries relating to cyber security please give us a call on 01392 207194 or email cybersecurity@bluegrass-group.com.