Author Topic: beaware of the fake urls encoded as like the real thing  (Read 483 times)

Offline hotcoffe

  • Nickel Member
  • ***
  • Posts: 542
beaware of the fake urls encoded as like the real thing
« on: April 20, 2017, 04:41:19 AM »
See: https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

Note from Skuzzy:  I had to remove this post as it could have caused a lot of problems for people who might have actually clicked on those links in the post.  Instead, the above link will describe the problem and if someone clicks on something at that site, then they will not come back to us complaining about how their computer was taken over by some hacker group.
« Last Edit: April 20, 2017, 12:48:09 PM by Skuzzy »
- Der Wander Zirkus -

Offline guncrasher

  • Plutonium Member
  • *******
  • Posts: 17360
Re: beaware of the fake urls encoded as like the real thing
« Reply #1 on: April 20, 2017, 11:07:23 AM »
Really you posted bad links?


Semp
you dont want me to ho, dont point your plane at me.

Offline hotcoffe

  • Nickel Member
  • ***
  • Posts: 542
Re: beaware of the fake urls encoded as like the real thing
« Reply #2 on: April 20, 2017, 07:05:57 PM »
Really you posted bad links?


Semp

no i posted a warming article about bad links ... (basically copy paste)
- Der Wander Zirkus -

Offline hotcoffe

  • Nickel Member
  • ***
  • Posts: 542
Re: beaware of the fake urls encoded as like the real thing
« Reply #3 on: April 21, 2017, 06:06:54 AM »
just got the word from our security team that google has also released a fix:

`Some of you have already spotted that Google have released the relevant update for Chrome web browser yesterday (after we started writing the below bulletin), so Chrome users should update now via (triple-dot-menu)->help->About Google Chrome – and “relaunch” Chrome (click the button) after the updated version (release 58 or later) has installed.`
- Der Wander Zirkus -

Offline shotgunneeley

  • Silver Member
  • ****
  • Posts: 1051
Re: beaware of the fake urls encoded as like the real thing
« Reply #4 on: April 21, 2017, 07:35:53 PM »
When you have a hyperlink directing you to click "here" or something, simply hover your mouse over it without clicking - The url will then become visible.

So for example, you get an email supposedly from Bank of America stating click "here" to view your account, but the URL reads "fastcashfakes" - it ain't Bank of America!
"Lord, let us feel pity for Private Jenkins, and sorrow for ourselves, and all the angel warriors that fall. Let us fear death, but let it not live within us. Protect us, O Lord, and be merciful unto us. Amen"-from FALLEN ANGELS by Walter Dean Myers

Game ID: ShtGn (Inactive), Squad: 91st BG

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9891
Re: beaware of the fake urls encoded as like the real thing
« Reply #5 on: April 22, 2017, 01:19:14 AM »
When you have a hyperlink directing you to click "here" or something, simply hover your mouse over it without clicking - The url will then become visible.

So for example, you get an email supposedly from Bank of America stating click "here" to view your account, but the URL reads "fastcashfakes" - it ain't Bank of America!

Nope.

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9605
Re: beaware of the fake urls encoded as like the real thing
« Reply #6 on: April 22, 2017, 01:17:37 PM »
Nope.

I'd rather call it better than nothing. For most people that would be a huge step forward towards safer networking.

I'd also very much like to hear from better alternatives since that is an area where the crooks always seem to be one step ahead.
Quote from: BaldEagl, applies to myself, too
I've got an older system by today's standards that still runs the game well by my standards.

Kotisivuni

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9891
Re: beaware of the fake urls encoded as like the real thing
« Reply #7 on: April 22, 2017, 05:53:59 PM »
I'd rather call it better than nothing. For most people that would be a huge step forward towards safer networking.

I'd also very much like to hear from better alternatives since that is an area where the crooks always seem to be one step ahead.

Well it is nothing.

IF you two read the links what happens is the punycode URLs look exactly like real URLs. You hover over them and they look correct. Hence the nope.

I believe most browsers are about to be patched.

Otherwise a good firewall (appliance) doing content inspection (web content, SSL decrypt, application, IPS, sandbox analysis).

Or perhaps a good Next Gen AV (don't ask me which one for consumer sorry).

ALWAYS assume that the people factor will fail you. "I only visit safe websites" = bollocks, safe websites get compromised all the time. "I can spot phishing emails" = bollocks, last year image exploits were used in emails to auto-execute java vulnerabilities with no user action required. And so on.

Offline JimmyC

  • Platinum Member
  • ******
  • Posts: 5196
Re: beaware of the fake urls encoded as like the real thing
« Reply #8 on: April 22, 2017, 07:55:30 PM »
Hang on....
Is this real fake news?
CO 71 "Eagle" Squadron RAF
"I'd rather have a bottle in front of me than a frontal lobotomy."

Offline shotgunneeley

  • Silver Member
  • ****
  • Posts: 1051
Re: beaware of the fake urls encoded as like the real thing
« Reply #9 on: April 22, 2017, 08:26:55 PM »
All that I intended to point out is that if you are suspicious you have a spam/phishing email with a hyperlink, you can simply hover over the hyperlink without clicking on it to see its true url destination. Sure, hackers may have a way around this - but this narrows things down a lot when I get questionable work emails. To my knowledge, there is no harm in simply checking the targeted url link by this method.
« Last Edit: April 22, 2017, 09:27:35 PM by shotgunneeley »
"Lord, let us feel pity for Private Jenkins, and sorrow for ourselves, and all the angel warriors that fall. Let us fear death, but let it not live within us. Protect us, O Lord, and be merciful unto us. Amen"-from FALLEN ANGELS by Walter Dean Myers

Game ID: ShtGn (Inactive), Squad: 91st BG

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9605
Re: beaware of the fake urls encoded as like the real thing
« Reply #10 on: April 23, 2017, 02:58:21 AM »
Actually not all browsers show the destination URL if the Status Bar has been disabled. Firefox does, PaleMoon doesn't, for example. Also, the larger the monitor the less you take notice of what reads in the bottom corners.
Quote from: BaldEagl, applies to myself, too
I've got an older system by today's standards that still runs the game well by my standards.

Kotisivuni

Offline Beefcake

  • Gold Member
  • *****
  • Posts: 2285
Re: beaware of the fake urls encoded as like the real thing
« Reply #11 on: April 24, 2017, 05:20:09 PM »
My question is does this affect bookmarks and the like? Or is it clicking links from emails or websites? I generally never click anything in emails and I usually go direct to the site to do my business.

Guess I'll have to start checking certificates on alot of sites I use.
Retired Bomber Dweeb - 71 "Eagle" Squadron RAF

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9605
Re: beaware of the fake urls encoded as like the real thing
« Reply #12 on: April 25, 2017, 01:30:56 AM »
Now that you mentioned bookmarks...

Every now and then I've noticed that a bookmark no longer works, i.e. the page it links to doesn't exist. That has proved true especially for big companies like banks, ISP's etc. who provide a lot of online services. They change the looks and functionality of their websites sometimes very drastically, like a bank who quit using Java on their online banking system. After a transition period the Java related page stopped working and people having that saved as a bookmark called for help. What if someone found a way to fake those obsolete pages. I don't know if that were even possible, after all the bookmarks direct to the right domain/server to their 404 page. Further, critical services most likely don't get on the "this domain is available" marketing pages. But who knows, there's people out there looking for flaws and backdoors, maybe one day an old bookmark can lead to a fake site. In a world of alternative facts we're more and more getting into the philosophical question of existence: Do we exist or are we just element's in someone else's dream?
Quote from: BaldEagl, applies to myself, too
I've got an older system by today's standards that still runs the game well by my standards.

Kotisivuni

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9891
Re: beaware of the fake urls encoded as like the real thing
« Reply #13 on: April 25, 2017, 03:33:56 PM »
My question is does this affect bookmarks and the like? Or is it clicking links from emails or websites? I generally never click anything in emails and I usually go direct to the site to do my business.

Guess I'll have to start checking certificates on alot of sites I use.

Bookmarks no, emails yes most definitely. All the major browsers have patched or are patching to mitigate this problem. So give it a week or two and you'll be safe.