A clever phishing campaign uses Google News to trick users. This impersonates Google’s news website, by using homographic characters. Thus, attackers redirect unsuspecting users to phishing pages. In these attacks, American Standard Code for Information Interchange (ASCII) letters replace the original characters. This usually goes unnoticed by users.
Phishing attacks using ‘Google.news’
Avi Lumelsky demonstrated the attack. So, he explained using a popular brand name ‘Google News’. He mentioned that the URL uses a homographic character as its first character: ‘ɢoogle.news’, in order to Phish Users’. This looks similar to the original URL – ‘google.news’, although it is different. In fact, in 2016, someone bought ‘Google.com’, in order to use it for phishing purposes. But the researcher also discovered other several fake URLs that impersonated other Google domains. Some of these are: ‘ɢoogle.company’’; ɢoogle.email’; ‘ɢoogle.tv’; ‘ɢoogle.life’ or ‘ɢoogletranslate.com’.
Apart from Google, several other fake domains were also registered. For this, attackers used some well known domain registrars such as GoDaddy and Namecheap.
What the attackers do
These kind of attacks, called homograph attacks, are one of the best weapons. Using them, attackers’ purpose is to steal login credentials and tokens from users. Moreover, attackers could also inject a malicious script into the hijacked HTTP body and execute it on a client browser connecting the fake website.
But the attack isn’t limited to Google. It can also affect other top brands. So, Lumelsky highlighted that “Until there is a solution out there, every big company or service will have to secure their domains and assets, by spending lots of money on similar domain names.” So, the best prevention for companies is to start buying any domain name that might be used by villains to impersonate the original websites.
Users can defend themselves
In order to avoid losing money or online banking credentials, we all have to pay more attention to the links we click on. So, before we access a website, we should make sure that we only use small letters. Also, before clicking a link, we should hover the mouse over it and check the spelling. As a phishing campaign uses Google News, attackers could do this using other big brands’ domains.