The usual way to check whether a website is dangerous is to check whether its URL starts with HTTPS. If it does, the website is considered secure. If not, there might be a danger. But what if you started seeing HTTPS at the beginning of the URL of a dangerous website? Obviously it would be almost impossible for you to tell which website is dangerous and which is not.
Hackers are now doing exactly this. Websites sent out for phishing also get HTTPS, and the address looks like the real domain.
The easiest way to hack is phishing. It is also the attack most users can escape, because with a little knowledge phishing can be recognized and prevented. But hackers are now adopting phishing methods that are quite easy to carry out, yet the target user cannot recognize them.
Chinese infosec researchers have discovered a new method of phishing that is almost impossible to detect. This phishing attack can also catch users who think carefully before clicking links on the internet.
Researchers have said that hackers can use the Chrome, Firefox and Opera web browsers for this kind of phishing. A fake domain name imitating a website such as Apple, Google or Amazon is used to steal sensitive information and login details. By creating a fake website that looks real, bank account fraud and many other large-scale hacks can be carried out.
If you look carefully at the addresses of these two websites, you will find that they look the same, but one is real and the other is fake.
Difficult to tell real and fake websites apart
To avoid phishing attacks, you look for HTTPS next to the URL of the website. But you will be surprised to see this demo page. Chinese security researcher Xudong Zheng has created a demo webpage that anyone would say is Apple's official website. Clicking on the given link opens a website with https://www.apple.com written in the address bar, which is exactly what you see when you open Apple's official website. But this is a demo: it is not Apple's website but an imitation. You cannot tell the two apart. If you click on this link, a website similar to Apple's will open.
The researcher has written on this website that it is not the Apple website and that it is designed to demonstrate the web browser's flaw. The URL, however, looks exactly like Apple's.
This kind of attack is called a homograph attack, and it dates back to 2001. In it, Unicode characters are substituted for common characters, so that on screen the result looks like the real domain name. You can call it a browser shortcoming, because browser companies have failed to solve this problem.
This is possible due to the imperfections of web browsers
According to the researcher, this browser loophole makes it possible to register the domain name with a registrar and bypass the protection. For this, the researcher used the code for apple.com.
However, the Internet Explorer, Microsoft Edge and Apple Safari web browsers do not have this flaw, and you will not be able to open this link there. The most used browser, Chrome, has the flaw, and so does Firefox, which invites the threat.
How to Avoid Such an Attack
If you use Firefox, type about:config in the address bar.
Type Punycode in the search bar there.
In the browser settings, a parameter named network.IDN_show_punycode will appear. Double-click it and click on its value to change true to false.
There is currently no such trick for Google Chrome, but third-party extensions can reduce your risk. They will alert you about websites that use Unicode characters.
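The following is an added example, not code from the researcher or from any browser or extension: a check of the kind such a warning tool could run, decoding each label of a hostname and flagging those that imitate a watched name. The look-alike table, the watchlist and the sample hostnames are constructed assumptions.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones (assumption:
# a real deployment would use the full Unicode confusables data instead).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u04cf": "l",
               "\u0456": "i", "\u0455": "s", "\u0458": "j"}
# Hypothetical watchlist, taken from the brands the article names.
WATCHLIST = {"apple", "google", "amazon"}

def to_unicode(label):
    """Decode an 'xn--' (Punycode) label to the Unicode text a browser may show."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed encoded label: leave it as typed
    return label

def to_ascii(label):
    """Encode a label into the ASCII form that is registered and sent in DNS."""
    label = label.lower()
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(label):
    """Replace known look-alikes with the Latin letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())

def check_host(host):
    """Return (ascii_form, reason) for every label that imitates a watched name."""
    findings = []
    for raw in host.rstrip(".").split("."):
        shown = to_unicode(raw).lower()
        if shown.isascii() or skeleton(shown) not in WATCHLIST:
            continue  # plain ASCII, or not close to anything on the watchlist
        kind = "mixed-script" if len(scripts(shown)) > 1 else "whole-script"
        findings.append((to_ascii(shown), f"{kind} look-alike of '{skeleton(shown)}'"))
    return findings

if __name__ == "__main__":
    # Constructed samples: genuine name, all-Cyrillic label, one swapped letter.
    for host in ["www.apple.com", "www.\u0430\u0440\u0440\u04cf\u0435.com", "www.\u0430pple.com"]:
        print(host.encode("unicode_escape").decode(), "->", check_host(host) or "ok")
```

The whole-script case is the one that matters here: every letter in the label comes from a single script, so a check that only rejects mixed scripts lets it through.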