Domain Name Scamming!

[Jan Gaarni]

Earlier this week a notice was made, warning people about scammers and such.

 

You may think, well, what else is new. The net is filled with scammers.

 

Well, since after you were able to use national letters (in example norwegian æÆ, øØ, and åÅ) in the addressfield, the threat has increased significantly.

 

Everyone knows of the famous replacing the O with a 0 (zero), like MICR0S0FT.com, and abusing that to trick people.

It’s usually easy to spot it if you are awake and pay attention when clicking links.

 

But what happens when you no longer are able to recognise wether it is an a or an a?

 

Confusing?

Example: the Russian letters a, e, o, and y looks fairly similar to the latin a, e, o, and y. For us mortal people, this is pretty much impossible to spot. But in the computerworld (binary kode) the difference is obvious and both letters are treated as 2 different letters. Someone could make a fake PayPal site under the .com domain (and probably already have, so stay alert) and use the Russian a instead the propper a. They can then lure you into this website and, if you are particulary “unlucky”, scam you for your money.

 

Mozilla 1.7.5, Firefox 1.0, Konqueror 3.2.2 and Opera 7.54 have this problem, according to Secunia. Micrososft IE does not have this exact same problem, but are subject to other problems which has similar effect.

 

If you want to test if you are vunerable to this spoof, click here.

It should take you to a fake PayPal site created by Secunia if you are affected.

 

 

The easiest way to avoid this problem is to type in the address manually in the addressfield, rather than copy and paste, or clicking on a link from a mail informing you they have registered some inregularities on your account at for instance PayPal (I’ve received a couple of these already).

 

The other way is to disable the IDN feature on your browser.

How you do that you will have to go to your browsers own webpages to see if they have any solutions there.

For Firefox users (such as myself ), you can go here.

It’s only a temp solution as far as I understand.

 

I don’t really see how they can fix this though, unless national letters are banned again.

 

 

More links for info on this:

Secunia

The Register

The Schmoo Group

The Homograph Attack

IDN Permissible Code Point Problems

[Revan Solo]

Ahh?

 

Ohh!

 

 

Is it dangerous for those who go to those sites?

[Jan Gaarni]

None of the links I've provided are dangerous, I've checked them out myself.

 

If an email sounds suspecious, even if it seems as if it's comming from a site you know you are part of (again, for example PayPal), if there are any links there type them in manually in the addressfield.

 

If it asks you to go to a certain site and re-enter your password and username because of such and such reason, be vary of it.

[Kurgan]

I get regular scam emails claiming to be from Paypal, insisting that somebody is trying to 'access my account illegally' and that I need to "verify" it, etc. Ditto from ebay.com.

 

Thankfully I didn't fall for it, but I began to wonder (and went to the real site to check my account, typing it in manually awhile back) after I saw numerous other "verify your account to avoid abuse" type messages from all sorts of services that I've never even thought about signing up for.

 

I use Opera too (far more than IE), so the vulnerability affects me (for now), but at least I know about it, so thanks for the extra heads up!

 

Hopefully the browser makers will get wind of this and update to fix it.

[Jan Gaarni]

Indeed, someone could even make a fake LucasForums, stealing peoples login details by having them type it in, then mess them up just for fun. And we know people have attacked us in the past.

 

So if anyone gets a mail from LucasForums asking them to re-enter their login info, it's probably not from us.