• Home
  • Domains
  • Internet & Tech
  • Security & Privacy
  • Google & Search
  • Editorial Praise
  • Contact

Strategic Revenue - Domain and Internet News

Internet news authored by John Colascione

Register Domain Names

  • Isn’t Print Dead?
  • Killer Acquisition
  • New gTLD Death
  • Online Censorship
  • Gullible Domainers
  • You’re A Loser
You are here: Home / Domain Names / Major Security Vulnerability Due to IDN Domains; Don’t Get Phished Out of Business

Major Security Vulnerability Due to IDN Domains; Don’t Get Phished Out of Business

April 16, 2017 By John Colascione 7 Comments

*** Here Is A List Of Some Of The Best Domain Name Resources Available ***






NEW YORK, NY – This is the most dangerous and convincing phishing trick I have ever seen before. It’s so amazingly horrible it will fool even the smartest computer users and it’s an issue that all browser companies should be fixing immediately. Browsers should be updated to prevent these Unicode domains from being translated.

Once again our friends at WordFence are keeping all of us safe with critical information on this phishing trick and helping build awareness about it.

This is just horrendous. Horrendous!

 To see what is going on simply click this link https://xn--e1awd7f.com.

If you’re using Chrome or Firefox it is going to look like ‘epic.com’ and it is going to show up as being secure.

THIS MEANS THAT ANY LINK YOU VISIT FROM ANYWHERE, EMAIL, A WEBSITE, ANYWHERE NOT DIRECTLY TYPED IN, – COULD BE FAKE. YOU NEED TO BE SURE YOU ARE ON THE AUTHENTIC SITE BEFORE YOU LOGIN ANYWHERE, AND A SECURE LOCKED HTTPS ADDRESS-BAR NO LONGER MEANS YOU’RE SAFE.

The article below from WordFence will show you how to change a setting on your Firefox browser to prevent these URLs from working or translating the Unicode. If you have Chrome, there is no fix yet.

Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

John Colascione 2024
John Colascione

About The Author: John Colascione is Chief Executive Officer of Internet Marketing Services Inc. He specializes in Website Monetization, is a Google AdWords Certified Professional, authored a ‘how to’ book called ”Mastering Your Website‘, and is a key player in several Internet related businesses through his search engine strategy brand Searchen Networks®

Filed Under: Domain Names, Security Issues Tagged With: Browser, Browsers, Chrome, Computer, Computers, Dangerous, Firefox, Phishing, Phishing Scam, Phishing Scams, Punycode, Security Vulnerabilities, Trick

*** Here Is A List Of Some Of The Best Domain Name Resources Available ***






Comments

  1. Eric Lyon says

    April 17, 2017 at 1:24 pm

    It’s sad to see phishing cases like this. There has to be something that can be done to better identify IDN’s in browsers. It would be beneficial for them to implement a security icon when an IDN is detected automatically that alert users that the URL is in fact, an idn domain. It shouldn’t be that hard to do. They can auto detect them using the same technology that detects SSL’s.

    Reply
    • John Colascione says

      April 17, 2017 at 3:17 pm

      I agree very very sad; I almost couldn’t even write about it becuase it was like a through-in the towel type of vulnerability., but more people need to know about this.

      Reply
      • Conor says

        April 24, 2017 at 1:13 pm

        This is nothing new, IDN’s have been around for years and as Eric said it shouldn’t be hard for big game broswer developers to implement an IDN ‘light’, when visiting an IDN domain, the same way the green ‘https://’ lights up for an SSL.

        I do feel sorry for the people buying these domains on marketplaces where they think they are getting what they see and not what it really is eg. x– (punycody)

        Reply
  2. Francois says

    April 24, 2017 at 9:39 am

    Damn! You are right, this is simply incredible/terrible.

    This simply means you cannot even trust the domain you see in the address bar, ouch!

    Reply
  3. Mgon says

    April 24, 2017 at 1:23 pm

    “Chrome has just released version 58.0.3029.81. We have confirmed that this resolves the issue and that our ‘epic.com’ test domain no longer shows as ‘epic.com’ and displays the raw punycode instead, which is ‘www.xn--e1awd7f.com’, making it clear that the domain is not ‘epic.com’. We encourage all Chrome users to immediately update to the above version of Chrome to resolve the issue.”
    https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/

    Reply
  4. EM@MAJ.com says

    April 24, 2017 at 3:09 pm

    That’s why we educate people not to click on a link from any an email.

    Reply
  5. Sybille says

    February 1, 2018 at 8:15 am

    As seen on Facebook just now.
    Someone try to sell ca.com (but its IDN xn--80a7a.com)

    https://bitify.com/auctions/download-bots/domain-name-ca-com-for-sale-1019067/

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search This Site

by: John Colascione

John Colascione

Best Site for Things to Do While Visiting Florida
John Colascione is Chief Executive of Internet Marketing Services Inc. He specializes in Website Monetization, authored a book called Mastering Your Website, and is a key player in several Internet businesses through his brand SEARCHEN®

#Indiana.com

GEO domain name

Follow Me

John Colascione Twitter

The First Fiction Horror Story Based Entirely On An Internet Domain Name

The First Fiction Horror Story Based Entirely On An Internet Domain Name
A cyber thriller where the countdown to death is always ticking…

USED CARS ENTERPRISE

auto buyers market
Auto Buyers Market – Shop Used Cars by Participating Dealers at autobuyersmarket.com

In The News

  • DNJournal: New Book From Veteran Domainer
  • From Brandable to Exact-Match Geo Domain
  • InnovateLI: Two Deals, One Very Interesting Digital
  • Internet Commerce Association: John Colascione
  • NamesCon: Featured Attendee: John Colascione
  • Long Island Media Inc, SmartCEO, Future 50
  • Speakers, Name Summit, John Colascione
  • Speakers, Real Estate Summit, John Colascione
  • 24 Leading Domain Experts Analyze 2017

Popular Stories

Did DuckDuckGo Just Acquire Premium Domain “Duck.com” from Google?

New gTLD? Not So Fast; History Suggests New ‘Right of the Dots’ Could = Total Failure

Could Domain Investing Industry End with Legal Provision for Domain “Hoarding”

Websites and Domain Names to Become Insignificant within 20 Years or Less

Does the Domain Industry Suffer From Own Versions of Trumpted “Fake News” Stories?

Quotes to Follow

quote icon The domain name is equivalent to Gold. It is the only packaged item which is globally tax-free, portable, with value that is universal across different cultures. quote icon – Frank Schilling

quote icon Domains have and will continue to go up in value faster than any other commodity ever known to man. quote icon – Rick Schwartz

quote icon  Google knows you, your friends, your likes, what entertains you, where you are in the world at any given time. Google will soon predict your next action, your next thought, based on a collaboration of thoughts past. quote icon – John Colascione

Like These Headlines?

Enter your email address:

Delivered by FeedBurner

T.L.D. Brokerage

Domain Brokers

Master of My Domain: The Power of the Publisher – Reality of Digital Journalism

WEST PALM BEACH, FL - There’s a power that comes with publishing that most people will never fully understand - unless they’ve had the experience of pushing the button and watching their words go … [Read More...]

Google’s Search Market Share Dips Below 90% for First Time in Decade

MOUNTAIN VIEW, CA - Google's global search engine market share fell below 90% in the final quarter of 2024, marking the first time since 2015 that it has dipped under this threshold. Regional … [Read More...]

Aflac Hit by Sophisticated Cyberattack: What Victims, Businesses Need to Know

COLUMBUS, GA - Aflac Incorporated, a leading supplemental insurance provider, disclosed that its U.S. systems suffered a cyberattack on June 12, 2025, potentially exposing sensitive customer data. The … [Read More...]

Domaining blog recommended by Domaining.com

Copyright © 2010-2025 StrategicRevenue.com - Property of Internet Marketing Services Inc.   FeedBurner: RSS
By using this site you agree to our Terms of Service and Privacy Policy. If you do not agree, please exit the service.