Show IDN punycode in Firefox to avoid phishing URLs

Mattias Geniar, Monday, February 19, 2018

Pop quiz: can you tell the difference between these 2 domains?

Both host a version of the popular crypto exchange Binance.

The second image is the correct one, the first one is a phishing link with the letter 'n' replaced by 'n with a dot below it' (U+1E47). It's not a piece of dirt on your screen, it's an attempt to trick you to believe it's the official site.

Firefox has a very interesting option called IDN_show_punycode. You can enable it in about:config`.

Once enabled, it'll make that phishing domain look like this:

Doesn't look that legit now anymore, does it?

I wish Chrome offered a similar option though, could prevent quite a few phishing attempts.

 



Hi! My name is Mattias Geniar. I'm a Support Manager at Nucleus Hosting in Belgium, a general web geek & public speaker. Currently working on DNS Spy & Oh Dear!. Follow me on Twitter as @mattiasgeniar.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!

Comments

Paolo Priotto Tuesday, February 20, 2018 at 14:21 - Reply

1. If I visit that web site with Firefox, I get a warning saying “Fraud Website blocked – warning provided by Google Safe Browsing”
2. According to https://wiki.mozilla.org/IDN_Display_Algorithm#Algorithm, Firefox should have sane defaults for when to fall back to punycode (apparently the “dot below n” is considered discriminating enough).


Leave a Reply

Your email address will not be published. Required fields are marked *