Bitcoin Forum
Topic: UPDATED!!! Punycode and how to protect yourself from Homograph Phishing attacks? (Read 528 times)
wwzsocki (Legendary)
October 11, 2019, 10:05:19 AM
Last edit: October 24, 2019, 09:36:04 AM by wwzsocki
Merited by tranthidung (1)
#21

Today I found that there are a couple of addons for Google Chrome and other browsers that are vulnerable to the Punycode and Homograph Phishing attacks.

PhishProtect Beta: Free open-source tool to protect against homograph attacks and zero-day phishing powered by AI and Computer Vision. The tool redirects the browser to a warning page when IDN/Unicode URL or zero-day phishing website is detected and the full Punycode (ASCII) representation is displayed.
https://chrome.google.com/webstore/detail/phishprotect-beta/mikecfgnmakjomepfcghpbhfamjbjhid

Punycode alert: extension that alerts you when a Unicode URL has been opened preventing phishing attacks.
URLs can be registered in Unicode and some scams can be made with URLs looking like official websites. This extension alerts you when the URL is of this kind.
https://chrome.google.com/webstore/detail/punycode-alert/odbbcdajedbapmgpgfacfigdpbdahenh

These two are not so well known but have a couple of thousand users; it is hard to tell anything more about them or to find more info or reviews online.

The last addon I found is Punycode Domain Detection, which is the best known of these three. I found a couple of articles about it. It was developed by Phish.ai and released as a Google Chrome extension that can detect when users are accessing domains spelled using non-standard Unicode characters and warn the users about the potential of a homograph attack.

Here is the link: https://chrome.google.com/webstore/detail/punycode-domain-detection/fkenopinnpinfcjneoanjoimhkmdcjne

If you wish to read more here is the article I used as a source for information: https://www.bleepingcomputer.com/news/security/chrome-extension-detects-url-homograph-unicode-attacks/

yazher (Sr. Member)
October 11, 2019, 10:42:43 AM
Merited by wwzsocki (1)
#22

This is some scary phishing technique, another thread worth posting in my daily news today. I'll make them aware of this kind of phishing.
A few months ago I entered a fake Bitcointalk site, but instead of .org the fake one was .to. I was close to getting hacked by that site because I was already in the login window. I was about to sign in when I saw something strange with the domain name and read it again. Damn, it was not the original site but rather the fake one.

Based on your examples they are only interested in hacking big exchange accounts. If they make something like a Bitcointalk site, many users will fall and become victims of this kind of phishing. That's why I need them to be aware of this kind of stuff.

magneto (Hero Member)
October 11, 2019, 11:43:41 AM
#23

Extremely comprehensive guide. I did know of these phishing websites before but didn't know the exact method that scammers seem to do this by.

I think that browsers should definitely show these codes by default, or at least have better algorithms that detect when the user is visiting a fraudulent site. Of course it is impossible to keep up with these phishers 100% all the time, but it should at least get periodically updated (this sort of scam has been around for a while now).

The majority of these phishing sites come from google ads as far as I know. You should never click on any of them. Even top search results can sometimes contain these sites if the site is relatively new. As others would have probably suggested, even though bookmarks may seem like a hassle, they are definitely worth it.

Lafu (Legendary)
October 11, 2019, 12:19:51 PM
Merited by wwzsocki (1)
#24

Great post and thread, sadly I have just seen it now lol!

Nice information and explanation of the whole thing, respect!

This deserved 3 Merits from me to you, so you hit the Legendary rank now with it!

Congrats for the Legendary and welcome to the club!

Regards Lafu

wwzsocki (Legendary)
October 11, 2019, 01:19:46 PM
#25

Quote from Lafu:
Great post and thread, sadly I have just seen it now lol!

Nice information and explanation of the whole thing, respect!

This deserved 3 Merits from me to you, so you hit the Legendary rank now with it!

Congrats for the Legendary and welcome to the club!

Regards Lafu

Thank you very much Lafu!!!

This is a real achievement for me, so I will remember this first post as a Legendary member and those 3 merits which made it possible for a very long time, probably forever.

After so many years, I finally got into the most famous Legendary club. It's a little hard to believe that it is right now, and on the other hand that it took so long.

Mission accomplished 

crypto mania (Member)
October 12, 2019, 12:31:28 PM
Last edit: October 12, 2019, 12:57:56 PM by crypto mania
#26

...Congrats for the Legendary and welcome to the club!...

CONGRATULATIONS!!!

You finally did it. Amazing achievement taking into consideration that this only took 2 years.
As you see, I am back after so long again because of you. I will be more active because it is a shame to leave this account after so much work I have already done.
One more time, thank you for everything you did for me on the forum, and sorry for all the problems you had because of me.

I see that your posting skills are indeed on a much higher level, and hovering merits is now something common for you.
This Punycode thread is one of the best I have read lately about security breaches on the Bitcointalk forum, kudos for that.

wwzsocki (Legendary)
October 24, 2019, 09:32:14 AM
#27

...I think that browsers should definitely show these codes by default, or at least have better algorithms that detect when the user is visiting a fraudulent site. Of course it is impossible to keep up with these phishers 100% all the time, but it should at least get periodically updated (this sort of scam has been around for a while now)...

Exactly, I was wondering about the exact same thing, which is why the hell browsers just don't implement something which will show the real URL, a message in a popup, or something else which will be really helpful and easy to use and understand. Despite everything, as for now there is no solution provided by browser creators, and all I found was a couple of addons, which I already wrote about a couple of posts above.

...The majority of these phishing sites come from google ads as far as I know. You should never click on any of them. Even top search results can sometimes contain these sites if the site is relatively new...

This is, of course, true what you have written, but outside Google Ads there are also plenty of them. I have an ad blocker installed (uBlock Origin) and still have already been a couple of times on such phishing websites that use Punycode and Homograph Phishing attacks to steal your passwords, and only thanks to my password manager I haven't shared it.

I think we have to prepare for even the worst situation in the future because the count of phishing websites is growing at insane speed. Today I read a great post about this subject in this thread: Re: Half of all Phishing Sites Now Have the Padlock Sign

wwzsocki (Legendary)
November 25, 2019, 09:23:30 AM
Last edit: November 25, 2019, 12:27:34 PM by wwzsocki
Merited by DdmrDdmr (1)
#28

I found a great service called Gluee with multiple tools for webmasters and developers, but the most important thing for us is that there are a couple of tools to protect against the Punycode vulnerability.

https://www.gluee.com/tools/

As you can see, the first one, called Punycoder, is a tool that converts text with special characters (Unicode) to the Punycode encoding (ASCII only) and vice versa.

This is a great tool to check all suspicious Phishing Punycode URLs. Just copy and paste the needed link.


https://www.punycoder.com/

Punycoder - Punycode converter or an IDN converter, a tool for Punycode to Text/Unicode and vice-versa conversion.

I advise checking the other tools from this website because they can help us stay safer online if we use them.
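The same two checks the Punycoder tool and the addons from post #21 perform, namely converting a hostname between its Unicode and its ASCII "xn--" spelling and warning when a label mixes scripts, can be done offline with Python's standard library. This is an added example, not code from the forum, Gluee or any of the extensions; the hostname it tests is constructed by swapping the Latin "a" of example.com for Cyrillic U+0430.

```python
import unicodedata
from urllib.parse import urlsplit


def to_punycode(hostname: str) -> str:
    """Unicode hostname -> ASCII 'xn--' form, via the stdlib IDNA codec."""
    return hostname.encode("idna").decode("ascii")


def to_unicode(hostname: str) -> str:
    """ASCII 'xn--' hostname -> Unicode form; plain ASCII names pass through."""
    return hostname.encode("ascii").decode("idna")


def scripts_in_label(label: str) -> set:
    """Rough script set of one label, taken from the first word of each
    character's Unicode name ('LATIN', 'CYRILLIC', ...). Digits and
    hyphens are skipped because they are legal in any label."""
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def inspect_url(url: str) -> dict:
    """Report both spellings of the hostname and flag IDN labels.
    A label mixing scripts (Latin plus Cyrillic, for instance) is the
    classic homograph pattern and gets a 'mixed scripts' warning."""
    host = urlsplit(url).hostname or ""
    unicode_host = to_unicode(host) if host.isascii() else host
    ascii_host = to_punycode(unicode_host)
    warnings = []
    for label in unicode_host.split("."):
        if label.isascii():
            continue
        scripts = scripts_in_label(label)
        kind = "mixed scripts" if len(scripts) > 1 else "non-ASCII label"
        warnings.append(f"{kind} in '{label}': {sorted(scripts)}")
    return {"unicode": unicode_host, "ascii": ascii_host,
            "idn": ascii_host != unicode_host, "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample: the 'a' of example.com replaced by Cyrillic U+0430
    for u in ("https://example.com/login", "https://ex\u0430mple.com/login"):
        print(inspect_url(u))
```

The "ascii" field is what the address bar would show with Punycode display forced on, so the two spellings can be compared side by side before any credentials are typed.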
