Facebook's Phishing Detection Tool Now Recognizes Homograph Attacks
#1
Quote: Facebook has updated a phishing detection toolkit it developed two years ago. The update now allows webmasters who sign up for the tool to detect homograph (Unicode-based lookalike) domains created for their websites.

The tool in question is named Certificate Transparency Monitoring, a Facebook-hosted application. Any website owner can sign up for free for this service using their Facebook account.

Webmasters can add their domains to a dashboard, and Facebook's tool will scan public Certificate Transparency (CT) logs.

CT logs hold information about new domains that recently obtained an SSL certificate, and they are about to become mandatory for browsers.

Facebook's tool will warn website owners about new sites found in these CT logs that use a similar name to theirs.

Facebook launched this tool in 2016 on the premise that if someone gets an SSL certificate for a site with a domain very similar to another, they are most likely to carry out a phishing attack to collect user credentials or financial information.

Support for homograph attacks
Today, Facebook updated the Certificate Transparency Monitoring tool with a new feature to detect a new type of phishing attack that has become very popular in the past year.

The new attack is called an "IDN homograph attack" and is the practice of registering domains with internationalized Unicode characters in its name.

For example, users can register coịnbạse.com, which will be a totally unique domain in the eyes of a computer. (Take a closer look at the domain again to notice the small dots under the "i" and "a" characters.)

Such attacks have become quite prevalent, with several incidents reported in the past year alone [1, 2, 3].

Support for homograph attacks comes to complete the tool's ability to detect other types of mangled domains, such as those that combine different words (helpdesk-facebook[.]com), common misspellings (faecbook[.]com), or those that nest multiple subdomains to hide the real domain offscreen (facebook[.]com.long.subdomain.that.will.not.be.fully.shown.on.mobile.devices.com).
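The four lookalike categories described above (homograph, word combination, misspelling, nested subdomain) can all be screened for with a small classifier run over the names that come out of a CT log. The following is an added example written for this thread; it is not Facebook's code and has no relation to the Certificate Transparency Monitoring tool's internals. It assumes a single protected brand label (e.g. "facebook") and, as a deliberate simplification, treats the last two DNS labels as the registrable domain (a real deployment would consult the Public Suffix List). CT logs usually carry IDN names in punycode ("xn--") form, so labels are decoded before the homograph check.

```python
import unicodedata


def skeleton(label: str) -> str:
    """Collapse a label onto its base letters so that visually similar
    characters compare equal: NFKD decomposition followed by dropping
    combining marks turns 'co\u1ecbnb\u1ea1se' (dots under i and a) into
    'coinbase'. Assumption: this is a minimal stand-in for a full Unicode
    confusables table, which a production checker should use instead."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).casefold()


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edit distance where a swap of two
    adjacent characters (faecbook -> facebook) costs 1, not 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def decode_label(label: str) -> str:
    """Turn a punycode A-label (xn--...) back into Unicode; anything that
    does not decode cleanly is left as-is so it still gets inspected."""
    if label.startswith("xn--"):
        try:
            return label.encode("ascii").decode("idna")
        except UnicodeError:
            return label
    return label


def classify_domain(candidate: str, brand: str) -> list:
    """Return the list of lookalike findings for one CT-log name against a
    protected brand label. An empty list means nothing suspicious."""
    brand = brand.casefold()
    labels = candidate.strip().rstrip(".").lower().split(".")
    # Simplification (assumption): last two labels = registrable domain.
    base_raw = labels[-2] if len(labels) >= 2 else labels[0]
    base = decode_label(base_raw)
    sk = skeleton(base)
    findings = []

    if base_raw.startswith("xn--"):
        findings.append("punycode")
    if any(ord(c) > 127 for c in base):
        findings.append("non-ascii")

    if base != brand and sk == brand:
        # Looks identical after stripping marks: IDN homograph.
        findings.append("homograph")
    elif sk != brand and brand in sk:
        # Brand glued to other words, e.g. helpdesk-facebook.
        findings.append("combo")
    elif 0 < osa_distance(sk, brand) <= 2:
        # One or two edits away: typo-squat such as faecbook.
        findings.append("misspelling")

    # Brand used as a leading subdomain of some other registrable domain,
    # so the real domain is pushed out of view on a narrow address bar.
    if sk != brand and any(brand in skeleton(decode_label(l)) for l in labels[:-2]):
        findings.append("nested_subdomain")
    return findings


if __name__ == "__main__":
    # Constructed sample names, the ones quoted in the article plus the
    # punycode form a CT log would actually contain.
    samples = [
        ("co\u1ecbnb\u1ea1se.com", "coinbase"),
        ("co\u1ecbnb\u1ea1se".encode("idna").decode("ascii") + ".com", "coinbase"),
        ("helpdesk-facebook.com", "facebook"),
        ("faecbook.com", "facebook"),
        ("facebook.com.long.subdomain.example.com", "facebook"),
        ("www.facebook.com", "facebook"),
    ]
    for name, brand in samples:
        print(f"{name:50} {classify_domain(name, brand)}")
```

The skeleton check is intentionally conservative: a name is only called a homograph when it becomes byte-for-byte equal to the brand after stripping marks, which avoids flagging unrelated IDNs that merely contain accented letters. Any hit is an alert to review by a person, not an automatic block, since legitimate names (regional subsidiaries, partner helpdesks) produce the same patterns.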

Tool also gets email alerts
Furthermore, Facebook has also added the ability to alert domain owners via email when a new suspected phishing domain pops up in CT logs.

Past reports and surveys have shown that phishing attacks are usually the most effective in the first few hours after a phishing campaign starts, so getting alerts and acting as quickly as possible may avert a serious cyber-security incident for your users or employees.

Once domain owners are aware of such a domain, they can contact the certificate authority that issued it to have it revoked, contact browser vendors to blacklist the domain, reach out to domain registrars to suspend it, and also alert staff or users about an incoming attack.

In case some webmasters don't own a Facebook account, there are self-hosted alternatives to this tool, such as Certstreamcatcher. Another tool that monitors CT logs, but doesn't alert you about phishing domains, is Cert Spotter.

Facebook's devs have a small obsession with detecting phishing attempts, and for a good reason, as they have to guard over 2.2 billion users. In the past, they have added anti-phishing features to Facebook accounts, but have also awarded prizes for novel anti-phishing techniques.
