31
May

Phishing – ESDS VTMScan

Introduction

Phishing is a method attackers use to trick you into disclosing personal information such as usernames, passwords, and credit card and banking details. The attacker's goal is to steal your information, your money, or both. The information gathered can be used to open fraudulent accounts in your name or to make purchases using your financial information. Phishing attacks commonly use email, phone calls or social media to trick you into revealing your personal information.

Punycode Phishing Attacks

The curiously-named system known as Punycode is a way of converting words that can’t be written in ASCII, such as the Ancient Greek phrase ΓΝΩΘΙΣΕΑΥΤΟΝ (know yourself), into an ASCII encoding, like this: xn--mxadglfwep7amk6b. This makes it possible to encode so-called International Domain Names (IDNs).

If your web browser displays “apple.com” in the address bar, secured with SSL, but the content on the page comes from another server (as shown in the above picture), then your browser is vulnerable to the Punycode homograph attack.

An attacker can register a domain name such as xn--80ak6aa92e.com, which bypasses protection and is displayed as “apple.com” by all vulnerable web browsers, including Chrome, Firefox and Opera.

PhishTank: PhishTank is a collaborative clearing house for data and information about phishing on the Internet.

Typosquatting: Typosquatting, also called URL hijacking, a sting site, or a fake URL, is a form of cybersquatting, and possibly brandjacking, which relies on mistakes such as typos made by Internet users when entering a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).

ESDS VTMScan Detection Techniques

ESDS VTMScan detects possible Suspicious Punycode Phishing URLs.

It finds similar-looking domains that an attacker can use to attack you.

It detects typosquatting URLs.

It tests whether an MX host (mail server) can be used to intercept misdirected e-mails.

It provides PhishTank data, giving you the phishing URLs reported to PhishTank.
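
The sketch below shows how the Punycode and typosquatting checks listed above can be built; it is an example added here, not ESDS VTMScan's code. The look-alike table, the one-edit threshold and all function names are assumptions, and every host except the page's xn--80ak6aa92e.com is constructed.

```python
# Constructed, deliberately small look-alike map (Cyrillic -> Latin).
# A real scanner would use the full Unicode confusables data instead.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u04cf": "l",
               "\u0456": "i", "\u0455": "s"}

def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels are Punycode)."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:  # UnicodeError is a ValueError: malformed Punycode
            return label
    return label

def skeleton(host):
    """Decode every label, then fold known look-alikes to ASCII."""
    text = ".".join(decode_label(part) for part in host.split("."))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def edit_distance(a, b):
    """Optimal string alignment distance (adjacent transposition = 1 edit)."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(host, protected):
    """Label host as 'legitimate', 'homograph', 'typosquat' or 'unrelated'."""
    host = host.lower().rstrip(".")
    if host in protected:
        return "legitimate"
    skel = skeleton(host)
    if skel in protected:
        return "homograph"   # renders like a protected name, different bytes
    if any(edit_distance(skel, p) <= 1 for p in protected):
        return "typosquat"   # one typo away from a protected name
    return "unrelated"

if __name__ == "__main__":
    # xn--80ak6aa92e.com is the page's example; the other hosts are constructed.
    for h in ("apple.com", "xn--80ak6aa92e.com", "aplpe.com", "example.org"):
        print(h, "->", classify(h, {"apple.com"}))
```

Folding look-alikes before measuring edit distance means a name that combines a homoglyph with a typo is still caught by the typosquatting branch.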
