Welcome to the

AdGuardian Plus Blog

News

A phishing campaign uses Google News as a lure

phishing campaign uses Google News

A clever phishing campaign uses Google News to trick users. This impersonates Google’s news website, by using homographic characters. Thus, attackers redirect unsuspecting users to phishing pages. In these attacks, American Standard Code for Information Interchange (ASCII) letters replace the original characters. This usually goes unnoticed by users.

Phishing attacks using ‘Google.news’

Avi Lumelsky demonstrated the attack. So, he explained using a popular brand name ‘Google News’. He mentioned that the URL uses a homographic character as its first character: ‘ɢoogle.news’, in order to Phish Users’. This looks similar to the original URL – ‘google.news’, although it is different. In fact, in 2016, someone bought ‘Google.com’, in order to use it for phishing purposes. But the researcher also discovered other several fake URLs that impersonated other Google domains. Some of these are: ‘ɢoogle.company’’; ɢoogle.email’; ‘ɢoogle.tv’; ‘ɢoogle.life’ or ‘ɢoogletranslate.com’.

Apart from Google, several other fake domains were also registered. For this, attackers used some well known domain registrars such as GoDaddy and Namecheap.

What the attackers do

These kind of attacks, called homograph attacks, are one of the best weapons. Using them, attackers’ purpose is to steal login credentials and tokens from users. Moreover, attackers could also inject a malicious script into the hijacked HTTP body and execute it on a client browser connecting the fake website.

But the attack isn’t limited to Google. It can also affect other top brands. So, Lumelsky highlighted that “Until there is a solution out there, every big company or service will have to secure their domains and assets, by spending lots of money on similar domain names.” So, the best prevention for companies is to start buying any domain name that might be used by villains to impersonate the original websites.

Users can defend themselves

In order to avoid losing money or online banking credentials, we all have to pay more attention to the links we click on. So, before we access a website, we should make sure that we only use small letters. Also, before clicking a link, we should hover the mouse over it and check the spelling. As a phishing campaign uses Google News, attackers could do this using other big brands’ domains.

Related posts
News

Marketers attack Google's Privacy Sandbox, in the UK

News

No ads to bother us might be the best marketing approach

News

Cybercriminals use a new method to sneak into our inboxes

News

Inrupt brings a privacy service to secure users' data

Sign up for our Newsletter and
stay informed
[mc4wp_form id="14"]

Leave a Reply

Your email address will not be published. Required fields are marked *