Title: [SCAM][PHISHING] Fake ripple airdrop, yet another punycode attack
Post by: witcher_sense on December 22, 2020, 06:52:30 AM

What happened: Fake/malicious website
ANN: not listed here yet
Scammers Website:

Code:
https://rỉpple.net/insights/ (https://xn--rpple-e81b.net/insights/)
https://web.archive.org/web/20201222063114/https://xn--rpple-e81b.net/insights/
https://archive.is/VZTPz

Quote
Domain Name: XN--RPPLE-E81B.NET
Registry Domain ID: 2578798072_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.webnic.cc
Registrar URL: http://www.webnic.cc
Updated Date: 2020-12-16T10:44:03Z
Creation Date: 2020-12-15T09:33:41Z
Registry Expiry Date: 2021-12-15T09:33:41Z

https://i.imgur.com/i9B3rmn.jpg
https://i.imgur.com/9j4OJzF.jpg

After a recent Ledger data breach, I started to receive strange emails with random airdrops like the one above. Yeah, my email was leaked too since I was subscribed to the Ledger newsletter. Not anymore, though.

Be careful guys, don't fall victim to such scam attempts. Stay safe!

A small guide for Firefox users on how to avoid punycode attacks:

To avoid this attack in Firefox and Tor, do the following:

1. Open a new tab
2. Type about:config and hit enter
3. Accept the warning if one appears
4. Search for the string network.IDN_show_punycode
5. Change the value to true

This will make these domains display as "xn--xxxxx" rather than the site name they are trying to imitate. Chromium based browsers should warn you about punycode domains automatically, provided they are up to date.

Another simple way to avoid falling victim to sites like this which pretend to be other sites, often web wallets and exchanges, is to use a good password manager such as KeePass. KeePass will automatically recognize that it is a fake site and won't input your user name or password.
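The same check a browser performs when it shows "xn--" names can be run over link or mail logs. The sketch below is an added example, not part of the original post: it decodes punycode labels and flags hosts whose diacritic-stripped form matches a protected name. `WATCHED_LABELS` and the function names are assumptions, and the folding only catches accent-based lookalikes such as the one reported here, not cross-script homoglyphs.

```python
import unicodedata

# Assumption: brand labels to protect (constructed for this example).
WATCHED_LABELS = {"ripple"}

def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label, decoding xn-- (punycode) labels."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def fold(text: str) -> str:
    """Strip diacritics: decompose with NFKD, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check_host(host: str) -> dict:
    """Classify a hostname as 'ok', 'idn', 'lookalike' or 'invalid'."""
    try:
        labels = [decode_label(part) for part in host.rstrip(".").split(".")]
    except UnicodeError:
        # Malformed punycode: report it rather than guessing at the name.
        return {"unicode": host, "verdict": "invalid", "imitates": None}
    verdict, imitates = "ok", None
    for label in labels:
        if label.isascii():
            continue
        if verdict == "ok":
            verdict = "idn"  # contains non-ASCII, not necessarily malicious
        folded = fold(label)
        if folded in WATCHED_LABELS:
            verdict, imitates = "lookalike", folded
    return {"unicode": ".".join(labels), "verdict": verdict, "imitates": imitates}

if __name__ == "__main__":
    # First host is the one reported in the post; the other two are constructed samples.
    for h in ("XN--RPPLE-E81B.NET", "example.net", "xn--mnchen-3ya.de"):
        print(h, "->", check_host(h))
```

A host classified as `idn` is only internationalized; `lookalike` means its accent-free form collides with a watched label and deserves a manual look.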