
Topic: Punycode and how to protect yourself from Spoofed URLs and fake websites. (Read 1056 times)

hero member
Activity: 462
Merit: 767
#SWGT CERTIK Audited
have you found any new fake website with spoofed name worth attention and sharing lately? known exchange or wallet maybe?
Unfortunately, I haven't noticed any spoofed website names yet. As you already know, I didn't even know about it. I don't know if I have visited such a link before without understanding that this is not the real website. If I find anything like this in the future, I will keep you updated about it.

I keep thinking if I shall add links to your thread and the others I have seen when I was reading your comments about Punycode and Homograph Phishing attacks to make it easy to find for members that are interested and want to read more about this.

I think it is worth doing, if you agree with me and have any links that I can add please share, I will take a look and add the most valuable ones or all of them, we will see.

I always agree with something that may help forum people. As I said, I didn't find any website yet as I wasn't aware of it. Moreover, I do not actively search for them. The scam website links I gathered from a random search when I was interested in a specific miner. Let me know what I should do to help everyone.
legendary
Activity: 2730
Merit: 1706
First 100% Liquid Stablecoin Backed by Gold
...

ok let's stop with this offtopic and bring back discussion about Homograph Phishing attacks



have you found any new fake website with spoofed name worth attention and sharing lately? known exchange or wallet maybe?

I keep thinking if I shall add links to your thread and the others I have seen when I was reading your comments about Punycode and Homograph Phishing attacks to make it easy to find for members that are interested and want to read more about this.

I think it is worth doing, if you agree with me and have any links that I can add please share, I will take a look and add the most valuable ones or all of them, we will see.
hero member
Activity: 462
Merit: 767
#SWGT CERTIK Audited
oh thanks for explanation, don't know how I understood you wrongly, now when I read it again it is obvious (written in plain English)
Thanks for understanding. No one is above the mistakes, and I guess I was the one who unintentionally wrote something bad. I am happy to know you didn't take it too heavily, and even you forgot that already.
 
I don't like personal fights and am immediately nervous when I read about to such extent that I haven't understood you correctly,
don't know what to think about this, I need a chill pill I assume
I also like to stay neutral all the time, but sometimes I do something that is not acceptable to others. But, I believe I can handle criticism, and I understand what mistakes I made in the past. Saying sorry for my own mistakes won't make me down. So, when it's my mistake, I would be very much happy to apologize.

legendary
Activity: 2730
Merit: 1706
First 100% Liquid Stablecoin Backed by Gold
You didn't insult me. It was my bad buddy! If you already forgot what happened, I don't want to remind you about it anymore. But I can give you a hint that it occurred in the Sinbad Bitcoin prize prediction thread. I am genuinely sorry, and I hope you didn't take it with a heavy heart.

oh thanks for explanation, I don't like personal fights and am immediately nervous to such extent that I couldn't understand what was written, don't know what to think about this, I need a chill pill I assume

no I don't remember this at all, I am such type that usually don't involve in fights and always try to be polite.
I've never been able to hold a grudge against someone for long.
hero member
Activity: 462
Merit: 767
#SWGT CERTIK Audited
I hope it wasn't my intention to insult you but if it was then one more time I am very sorry and hope that you will be able to accept my apology
You didn't insult me. It was my bad buddy! If you already forgot what happened, I don't want to remind you about it anymore. But I can give you a hint that it occurred in the Sinbad Bitcoin prize prediction thread. I am genuinely sorry, and I hope you didn't take it with a heavy heart.

I have edited/updated a bit for better read, thanks for bumping it, also hope that more people will read about "Punycode and how to protect yourself from Homograph Phishing attacks"

Thanks for updating the thread. As I said, I had never heard about it before SFR10 mentioned this. I never knew something like this existed. I bumped this one because I believe more people should read about it.
legendary
Activity: 2730
Merit: 1706
First 100% Liquid Stablecoin Backed by Gold
@wwzsocki, I had a fight with you in another thread but the truth is, I never wanted to engage in a fight but you got insulted by me. I am sorry for that. I hope you didn't take it with heavy heart.

I keep sitting here and look for posts in my account history to recall what was this all about but can't find anything. I hope it wasn't done on purpose, maybe language barriers, please send me link if there is any or remind (maybe in DM?) what was that all about,

I hope it wasn't my intention to insult you but if it was then one more time I am very sorry and hope that you will be able to accept my apology

A friendly bump!

I believe this thread needs more attention from everyone, so it gets bumped. People need to read this and understand the importance of the Punycode and Homograph phishing attacks. I thought I knew many things, but I am being honest here, I never heard about it before this week when SFR10 mentioned it. He forwarded me to this thread, which everyone should read and know.

I have edited/updated a bit for better read, thanks for bumping it, also hope that more people will read about "Punycode and how to protect yourself from Homograph Phishing attacks"

Punycode and Homograph Phishing attacks are the easiest way to get scammed and many even experienced internet users are not able to recognize it, enough to type username and password on fake website

Lately this scam is even better and there are fake websites that redirect to original website after hitting login for example, so there is small chance to recognize that something has gone wrong, people think "oh failed login, for sure typed wrong, fat fingers" and try one more time, which is successful, they don't expect that somebody just got access to this account.

I myself almost shared password to one of my exchanges accounts, so I am totally aware how well made fake websites are, at first look I wasn't able to recognize it, don't mention spoofed URL, of course it looked exactly same as original

The best practice to be safe is to use links only from trusted sources, direct links and bookmark them.

Password manager is also very helpful, in my case switched on the red lamp when I wasn't able to login to the fake website when I was simply clicking on username, it should fill automatically and I got nothing, couldn't login even if I wanted to because didn't know the password, it is strong and generated by the password manager.

Always use Two-Factor Authentication (2FA) if possible.

hero member
Activity: 462
Merit: 767
#SWGT CERTIK Audited
A friendly bump!

I believe this thread needs more attention from everyone, so it gets bumped. People need to read this and understand the importance of the Punycode and Homograph phishing attacks. I thought I knew many things, but I am being honest here, I never heard about it before this week when SFR10 mentioned it. He forwarded me to this thread, which everyone should read and know.

@wwzsocki, I had a fight with you in another thread but the truth is, I never wanted to engage in a fight but you got insulted by me. I am sorry for that. I hope you didn't take it with heavy heart.
legendary
Activity: 2268
Merit: 18507
It would be great if you can show how it looks by default in Google browser?
I'm afraid I can't since I flat out refuse to install anything related to Google on my devices, especially not Google Chrome since it is spyware and a privacy nightmare.

According to the Chrome Release Notes here (https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html), this has been addressed (CVE-2017-5060) since version 58, and Chrome and Chromium based browsers should display the raw "xn--abc123" code.

There are images of this on this page: https://www.thesslstore.com/blog/security-changes-in-chrome-58/
legendary
Activity: 2730
Merit: 1706
First 100% Liquid Stablecoin Backed by Gold
...In Tor or Firefox, simply open a new tab, enter about:config, accept the warning, and change the preference "network.IDN_show_punycode" from false to true.
Chromium based browsers now show punycode as default, provided they are up to date.

Thank you very much for your input @Oeleo. It would be great if you can show how it looks by default in Google browser?

Is there any message shown that this is Punycode, don't understand quite correctly because don't use it from quite some time,

Still, I use Brave which is also built on Chromium and haven't noticed anything to be honest.

I will soon make a tutorial with screens how to set up this on Firefox for less experienced members but would be great to show also some Google examples.

Please explain more exactly how it works on Google now? Does it mean they don't show URLs translated to ASCII only original ones?
legendary
Activity: 2268
Merit: 18507
Despite many tools I have found and even reviewed in this thread, still I haven't found even one which will be easy to use and widely distributed like an extension or something.
You don't really want to install an extension for something so simple to solve. Every extension you install is a security risk, and unless you sit down and review all the code yourself (which few users have the knowledge and skill set to do, and even fewer actually do it), then you are introducing more and more unknown and potentially malicious code in to your browser with every extension you install. With any browser, you should be aiming to keep the number of extensions you use to the bare minimum, and they should only be ones which are open source and independently reviewed unless you are reviewing the code yourself. Malicious extensions can do everything from change bitcoin addresses in your clipboards through to stealing your passwords and your coins.

In Tor or Firefox, simply open a new tab, enter about:config, accept the warning, and change the preference "network.IDN_show_punycode" from false to true.
Chromium based browsers now show punycode as default, provided they are up to date.
legendary
Activity: 2730
Merit: 1706
First 100% Liquid Stablecoin Backed by Gold
Or maybe this is a thread about biggest threats and it could be linked there?

Don't know to be honest but I fully agree with you that Punycode is the biggest threat for normal internet user today when it comes to browsing the web and using URLs.

Despite many tools I have found and even reviewed in this thread, still I haven't found even one which will be easy to use and widely distributed like an extension or something.

This is for me very surprising that nobody created something like this because taking into consideration the scale of danger, even paid version could be easily a big success.

And now shout out to the community, if anybody has seen or uses any tool that helps with Punycode and Homographs, please share!
hero member
Activity: 1246
Merit: 708
Yes, I was made aware of this danger thanks to your thread, I think this thread should be pinned!
Or maybe this is a thread about biggest threats and it could be linked there?
legendary
Activity: 2730
Merit: 1706
First 100% Liquid Stablecoin Backed by Gold
Manually typing is very dangerous... Only good password manager (with good encryption,) is reliable solution!!

I agree but despite everything and that I had one, still, I started to manually log in when there was no response from the password manager.

As I said, I was lucky to recognize something is wrong but can assume that many people can't and login every day on phishing sites.

Thanks to this event, this thread came to existence, I hope that at least a few members more are aware of this threat thanks to my writings.
hero member
Activity: 1246
Merit: 708
I created this thread because I was almost hacked using Punycode attack, thanks to Metamask and password manager I was able to spot this on time but to be honest, I already started to write a password manually (few first ciphers) when I stopped because something felt wrong about this login.

I was logged in earlier and normally my password and username are automatically filled when I am on the correct website and here it wasn't, despite I was logged in a few minutes earlier and only closed the tab. Additionally on the correct website, when I start to type email or password the login details came up automatically thanks to the password manager, and here it wasn't. Second-time Metamask warned me that I am on a phishing website and didn't let me proceed further.
Your story sounds like you chose "Remember my password on this site (something like that)" on the browser you used to log in. I don't think it is a good way to do despite its simplicity and convenience. I never choose this option on any browser and every time I log in, I manually type passwords.

Some sites have their security methods to automatically log out your accounts (on browser, on mobile) each month. And what you said is not always true that the site you are logging in your account is a phishing site.

Manually typing is very dangerous .. it needs only your computer is infected by keylogger and hacker will know your password immediately! Only good password manager (with good encryption,) is reliable solution!!
legendary
Activity: 2730
Merit: 1706
First 100% Liquid Stablecoin Backed by Gold
Your story sounds like you chose "Remember my password on this site (something like that)...

No, not exactly, I had it saved in my password manager, and every time I start to type it shows the right option right away and here it was empty.

Still, I didn't realize and started to manually provide the password, luckily I don't know it and I wasn't able to figure it out, luckily I recognized something is wrong
and haven't provided any valuable info to the hackers.

It's really tricky and to be honest, we should check all URLs we are not fully sure of.
hero member
Activity: 1722
Merit: 801
I created this thread because I was almost hacked using Punycode attack, thanks to Metamask and password manager I was able to spot this on time but to be honest, I already started to write a password manually (few first ciphers) when I stopped because something felt wrong about this login.

I was logged in earlier and normally my password and username are automatically filled when I am on the correct website and here it wasn't, despite I was logged in a few minutes earlier and only closed the tab. Additionally on the correct website, when I start to type email or password the login details came up automatically thanks to the password manager, and here it wasn't. Second-time Metamask warned me that I am on a phishing website and didn't let me proceed further.
Your story sounds like you chose "Remember my password on this site (something like that)" on the browser you used to log in. I don't think it is a good way to do despite its simplicity and convenience. I never choose this option on any browser and every time I log in, I manually type passwords.

Some sites have their security methods to automatically log out your accounts (on browser, on mobile) each month. And what you said is not always true that the site you are logging in your account is a phishing site.
legendary
Activity: 2730
Merit: 1706
First 100% Liquid Stablecoin Backed by Gold
Very valuable work wwzsocki! I was aware of phishing threats, but I have never heard about such thing as Punycode...

Thank you @Adamvp for your kind words.

I created this thread because I was almost hacked using Punycode attack, thanks to Metamask and password manager I was able to spot this on time but to be honest, I already started to write a password manually (few first ciphers) when I stopped because something felt wrong about this login.

I was logged in earlier and normally my password and username are automatically filled when I am on the correct website and here it wasn't, despite I was logged in a few minutes earlier and only closed the tab. Additionally on the correct website, when I start to type email or password the login details came up automatically thanks to the password manager, and here it wasn't. Second-time Metamask warned me that I am on a phishing website and didn't let me proceed further.

So, I started to dig this Punycode topic and found that we are almost defenseless because these phishing URLs are exactly the same or almost identical to the original.

I think, I am quite paranoid about privacy and malicious threats and if I was so easily almost hacked I can imagine that many people are vulnerable every day even without knowing it.
So if this thread helps somebody to defend himself or at least to be aware of the danger, then I am ok with that and think that the job is done.
hero member
Activity: 1246
Merit: 708
Very valuable work wwzsocki! I was aware of phishing threats, but I have never heard about such thing as Punycode. And it is one of most dangerous one, sometimes it needs to enter dangerous side to harm your computer. Many thanks, good job!
legendary
Activity: 2730
Merit: 1706
First 100% Liquid Stablecoin Backed by Gold
Wandera - the world's largest provider of cloud security for remote workers, just published its Cloud Security Report for September 2020.

In which they refocus on phishing, looking at the length of phishing URLs compared to safe URLs, but not only.

Researchers from Wandera found that the length of a URL can be a telltale sign of a phishing attack.

Quote
legitimate URLs typically sit between 20 and 44 characters, anything beyond that is most likely a phishing link. On average, requests made to unsafe domains were 1.8x the length of requests made to safe domains.

Wandera researchers warn that spotting suspicious links could be very problematic on smartphones and tablets because modern browsers truncate URLs for a sleeker design.

Quote
Users need to apply a greater level of scrutiny when using browsers on mobile devices, particularly given the rise in use of punycode in phishing URLs.

I encourage everyone to read about Punycode and Phishing attacks, in this report are many interesting pieces of information, like the days of the week in which people visit phishing sites the most.

Quote
... largely stable during the week aside from Monday... Interestingly, Saturday was the day with the highest number of requests made to phishing domains.

Here link to the full report: https://www.wandera.com/cloud-security-report-september-2020/
legendary
Activity: 2730
Merit: 1706
First 100% Liquid Stablecoin Backed by Gold
I found a great service called Gluee with multiple tools for webmasters and developers but the most important thing for us is that there are a couple of tools to protect against Punycode vulnerability.


https://www.gluee.com/tools/

As you can see the first one called Punycoder is a tool that converts text with special characters (UNICODE) to the Punycode encoding (just ASCII) and vice versa.

This is a great tool to check all suspicious Phishing Punycode URLs. Just copy and paste the needed link.


https://www.punycoder.com/

Punycoder - Punycode converter or an IDN converter, a tool for Punycode to Text/Unicode and vice-versa conversion.

I advise checking the other tools from this website because they can help to stay safer online if we use them.
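
Added example (not part of the original post and not code from the Punycoder site): the Unicode-to-Punycode conversion described in this post, done offline with Python's built-in `punycode` codec, together with a per-label script check. The function names, the script heuristic (first word of the Unicode character name) and the sample hostnames are assumptions constructed for illustration.

```python
import unicodedata

ACE_PREFIX = "xn--"  # marks a Punycode-encoded label inside a hostname

def to_ascii(host):
    """Unicode hostname -> ASCII form, i.e. the raw "xn--..." text."""
    labels = []
    for label in host.lower().split("."):
        if not label.isascii():
            label = ACE_PREFIX + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def to_unicode(host):
    """ASCII "xn--..." hostname -> the Unicode form an address bar may render."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith(ACE_PREFIX):
            try:
                label = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw text unchanged
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Heuristic (assumption): script = first word of the Unicode char name."""
    found = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphens are shared by every script
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def inspect_host(host):
    """Summarise one hostname: both forms plus the scripts used per label."""
    uni = to_unicode(host)
    per_label = {label: sorted(scripts(label)) for label in uni.split(".")}
    return {
        "unicode": uni,
        "ascii": to_ascii(uni),
        "is_idn": not uni.isascii(),  # would show as xn-- in raw form
        "mixed_script": any(len(s) > 1 for s in per_label.values()),
        "scripts": per_label,
    }

if __name__ == "__main__":
    # Constructed samples; \u0430 is CYRILLIC SMALL LETTER A, which looks like "a".
    for host in ["example.com", "ex\u0430mple.com", "xn--bcher-kva.example"]:
        r = inspect_host(host)
        print(r["ascii"], "| idn:", r["is_idn"], "| mixed:", r["mixed_script"],
              "|", r["scripts"])
```

A label written entirely in one non-Latin script is not reported as mixed-script, so for a site you expect to be plain ASCII the `is_idn` flag (an `xn--` label in the raw form) is the signal to act on.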