Trusted sites

Trusted Sites Actually Deliver Phishing Attacks: Here’s How

Hackers can take advantage of a vulnerability on websites and are aiming straight at victims with phishing scams.

While it may seem that trusted sites with domain names you recognize are likely safe, they’re not always what they appear to be. Hackers have discovered a vulnerability in websites that seem secure, yet what they really do is push phishing scams your way.

The best way to protect from such an attack is using an all-purpose online safety app such as  dfndr security, which is packed with antivirus and anti-phishing detection to guard your Android phone against hacker threats.

Read More: 5 Phishing Clues to Look for in Emails from Your Contacts

The more you know how these phishing scams are perpetrated, the better prepared you’ll be for a potential attack. Here’s what you should know.

More Than ⅓ of Trusted Sites May Be Vulnerable
A recent study discovered that out of the top 100,000 sites based on Alexa’s rankings, 42% may be at risk of being hacked. The software used for these sites are not always fully secure, paving the way for hackers to take advantage. The study also found 80,000 phishing sites in 2017, 80,000 of which are reportedly secure.

The vulnerabilities may appear on all sorts of websites, but the most popular targets are business sites, as well as adult and pornography domain names. Other websites that may be compromised include uncategorized sites, parked sites, shopping outlets, gambling hotspots, news, and media domain names, as well as personal blogs.

The Character Conversion Vulnerability
One sign of security that we all know about is websites that use the https:// prefix, along with the little green padlock that touts a website as being secure. However, hackers are able to exploit a vulnerability that can make a fraudulent site mimic the exact appearance of a real website, especially when it comes to websites that don’t use the Latin alphabet.

Common targets are domain names that use Chinese characters or Cyrillic. English-based browsers have to convert these characters into English using Punycode, which translates them. It’s through this conversion process that cybercriminals thrive and “break-in” within this process.

Internet users believe that they are opening a familiar domain name, even though they are taken to a different URL and web server. Following this process, phishing scams are pushed take over by asking you for personal information that can later be used for criminal purposes.

How to Avoid These
Always be cautious of any website that asks for personal information and always update your browser regularly since updates usually fix vulnerabilities and bugs. Take a close look at the link address for extra words that seem out of place for a trusted site and scan any information once the site has loaded for anything out of the ordinary.

Ultimately, the best way to avoid falling prey to a phishing scam that appears to be legitimate is by getting a security app that flags these threats for you.