Punycode & phishing attack

This is a high-risk security issue affecting Chrome and Firefox users. We suggest everyone applies the fix now.

If you are not familiar with the term phishing attack, here is a short scenario.

  1. You receive an email saying that your account has expired, or has errors that require you to log in and correct them. So you click the link in the email, you see a login screen, you log in, and then nothing else happens. OK, no big deal. You shut down your computer and continue your day.
  2. The next day, you receive a call from your bank asking whether it was you who spent a lot of money on your credit card yesterday. No, it was not. But when you try to log in to your account again, you cannot. Your account is already lost.

Punycode & phishing attack

Punycode is the encoding web browsers use for internationalized domain names: when a domain label starts with the characters xn--, the browser decodes it and displays the Unicode characters instead. For testing, WordFence has registered a fake domain. They were even able to set up an SSL certificate for it.

  • The fake domain is xn--e1awd7f.com. Copy and paste it into Chrome or Firefox and check the address bar. What name do you see now?
  • The real domain is epic.com. You can compare the web content of the two.

The fix

Among popular web browsers, Microsoft IE, Edge and Safari are safe from this problem; Chrome and Firefox are affected. Unfortunately, only Firefox lets you change the config so that the raw punycode is shown instead of the decoded name. Chrome users will have to wait until the next release.

  1. In the address bar of Firefox, type about:config and press ENTER.
  2. You may see a warning about changing the config. Accept it.
  3. In the search bar, type punycode and press ENTER. You should see the config network.IDN_show_punycode.
  4. Double-click the config name to change its value from false to true.
  5. Visit the test site again and check the address bar.

So, I highly suggest you change the config now if you are using Firefox. If you are using Chrome, it might be safer to switch to Firefox or Safari for a few days, until Google releases the new version with the fix.

Protecting your inbox

As mentioned above, phishing attacks mainly happen via email. If you can keep your inbox protected, you reduce a lot of risk. Do this by using antivirus software on your computer, or, if your email service vendor has an antispam system, by making sure that the system is working well and updated frequently. Drop me a message if you want to use our antispam system, a cluster based on SpamExperts technology.
