Posted: Apr 18, 2017 5:09 am
by Tangerine Dream
A Chinese infosec researcher has discovered a new "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet.

He warned, Hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users.

What is the best defence against phishing attack? Generally, checking the address bar after the page has loaded and if it is being served over a valid HTTPS connection. Right?


If you are a Firefox user you need to make a change in the configuration:

Type about:config in the Firefox address bar and hit the Enter-key.
Confirm that you will be careful.
Search for network.IDN_show_punycode.
Double-click the preference to set it to true.

This forces Firefox to show Punycode when it is used.