Chrome And Safari Warning—If You See This, You’re Being Hacked
Do not use these websites
Updated on Jan. 27 with a new defense against these dangerous websites.
If you find yourself on one of these malicious websites and do not detect the threat quickly enough, you risk losing accounts, credentials and data. This is worse when it comes to Chrome or Safari on your phone, where spotting threats is harder.
That’s the case with a new warning reported by Cybersecurity News: “Hackers are using the ‘rn’ typo trick to impersonate Microsoft and Marriott in a new phishing attack.” That tactic, using an ‘r’ followed by an ‘n’ in place of an ‘m’ in a URL viewed on a small screen, “creates fake websites that look nearly identical to the real ones.”
Homoglyph attacks, where “attackers exploit visually similar characters to deceive users or systems, (are) used in phishing, domain impersonation, and software supply chain intrusions—often with high success rates. They’re dangerous because the fake often looks exactly like the real thing.”
Cybersecurity News says two recent attacks leveraging the “r+n” technique have targeted Microsoft and Marriott. Of the two, the Microsoft attack is clearly the more dangerous. Stealing those credentials or hijacking those accounts is invaluable.
“The security firm Anagram highlighted a similar campaign targeting Microsoft users. Phishing emails in this campaign use the domain rnicrosoft.com to send fake security alerts or invoice notifications.”
While you can hover to check URLs before clicking through, most users don’t. The most critical advice is never to log into any account — Microsoft, Marriott or any other — via a link from any kind of message or email. Instead, use your app or the usual website.
You should also ensure passkeys and two-factor authentication are enabled on all key accounts, which certainly includes Microsoft.
Given this new warning, you should also be mindful of URLs with domains that start with or include the letter ‘m.’ It’s worth taking care given how hard this ‘r+n’ trick is to detect.
Meanwhile, a new update from 1Password clearly shows that fake websites designed to steal user credentials can be stopped without those users having to letter-check every URL, looking for “r+n” or similar trickery on small-screen devices.
As Bleeping Computer explains, “the 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors.”
So, how does this work? “1Password will not fill in a user’s login data when visiting a website with a URL that does not match the one stored in their vault.”
Per Ghacks, “the update adds visible pop-up alerts when users visit URLs that appear risky, including domains that closely resemble legitimate sites but may be controlled by attackers.” Exactly as we’re seeing here with the Microsoft and Marriott attacks.
This is “rolling out now” and should just work without any settings changes. It’s good that 1Password is making the change, but this needs to become standard for all password managers: checking URLs before autofilling credentials on popular websites.
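The two ideas in this article, spotting an ‘rn’-for-‘m’ lookalike domain and refusing to autofill a saved login unless the site’s domain matches the vault entry, fit in a short script. The following is an added example, not code from 1Password or from Cybersecurity News. It assumes a constructed vault (DEMO_VAULT), simplifies the registrable domain to the last two labels (a real implementation would consult the Public Suffix List), and carries only a handful of Unicode confusables; the full table is Unicode TR39.

```python
"""Defensive checks for lookalike domains and vault-gated autofill.

Added example, not 1Password's code. Names, the vault contents and the
confusable tables below are constructed for illustration.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Letter pairs that read as a single letter on a small screen, collapsed to
# the letter they imitate before comparison ("rn" -> "m" is the article's case).
CONFUSABLE_SEQUENCES = [("rn", "m"), ("vv", "w"), ("cl", "d")]

# A tiny, constructed subset of Unicode confusables: Cyrillic letters that
# render like Latin ones. Unicode TR39 publishes the complete table.
CONFUSABLE_CHARS = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0456": "i",
})


def registrable_domain(hostname: str) -> str:
    """Assumption: the registrable domain is the last two labels.
    Production code should use the Public Suffix List (think co.uk)."""
    host = hostname.lower().rstrip(".")
    if host.startswith("xn--") or ".xn--" in host:
        try:  # turn punycode back into the characters the user actually sees
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # malformed punycode: compare the raw label instead
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def skeleton(domain: str) -> str:
    """Reduce a domain to what it *looks like*, so lookalikes collide."""
    s = domain.lower().translate(CONFUSABLE_CHARS)
    for seq, letter in CONFUSABLE_SEQUENCES:
        s = s.replace(seq, letter)
    return s


def lookalike_of(url: str, protected: set[str]) -> str | None:
    """Return the protected domain that `url` visually impersonates, or None."""
    domain = registrable_domain(urlsplit(url).hostname or "")
    if domain in protected:
        return None  # the genuine site, not a lookalike
    for brand in protected:
        if skeleton(domain) == skeleton(brand):
            return brand
    return None


def should_autofill(url: str, vault: dict[str, str]) -> tuple[bool, str]:
    """The rule the article describes: fill only when the site's domain
    exactly matches a vault entry. `vault` maps domain -> saved username."""
    domain = registrable_domain(urlsplit(url).hostname or "")
    if domain in vault:
        return True, f"exact match for {domain}; filling {vault[domain]}"
    brand = lookalike_of(url, set(vault))
    if brand:
        return False, f"WARNING: {domain} resembles {brand}; not filling"
    return False, f"no saved login for {domain}"


# Constructed vault for the demonstration.
DEMO_VAULT = {
    "microsoft.com": "alice@example.com",
    "marriott.com": "alice@example.com",
}

if __name__ == "__main__":
    for test_url in [
        "https://account.microsoft.com/",
        "https://login.rnicrosoft.com/signin",   # the 'rn' trick from the article
        "https://rnarriott.com/reservations",
        "https://mi\u0441rosoft.com/",           # Cyrillic 's' standing in for Latin 'c'
        "https://example.com/",
    ]:
        print(test_url, "->", should_autofill(test_url, DEMO_VAULT))
```

Skeleton matching is deliberately aggressive: any domain whose collapsed form equals a protected brand is flagged, so an unrelated legitimate domain that happens to contain ‘rn’ next to a brand-like string would also trip it. For an autofill gate that bias is the right one, because the cost of a false warning is a manual login, while the cost of a missed lookalike is the credential.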