Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
A Convincing Fake Reddit Site Is Stealing User Passwords
#1
[Image: VjWoAo5.jpg]



Quote:Reddit refers to itself as "the front page of the Internet," and with good reason. The immensely popular site is the fourth most popular site in the U.S. It's visited by nearly a quarter billion unique users every day.

It's only natural that cybercriminals would look for ways to take advantage of its popularity. One way they're doing it: by building a fake Reddit site that's so convincing it's tricking users into handing over their usernames and passwords.

That's the landing page you're looking at, as captured by security researcher Alec Muffett. At first glance, there's not much that would tip a visitor off that it's fake. Look closer, however, and the scam becomes clear. The first clue is the site's address. It's not Reddit.com, but rather Reddit.co -- a domain that's supposed to be reserved for sites in Colombia.


The criminals behind this scam are using a technique called typosquatting. They've registered an address that's so close to the real one that most people won't realize they've taken a wrong turn, so to speak. Especially not when they're looking at what appears to be the website they thought they were visiting.

What makes the fake even more convincing is that appears to be secure. Your browser will show the green lock icon to signify that it's safe. If you were to click the icon to see who says it's safe, however, the Reddit.co certificate will say Comodo. Not DigiCert, who issued the real certificate for the real Reddit.

Even if you don't dig that deep, there's another clue that something isn't right here. There's no promoted post at the top of the list and the front page ads don't appear.

Still, these aren't the sort of details anyone who just types Reddit.com into their web browser is likely to notice. Even savvy users have been tricked by scams like this one. If you're worried you may have accidentally wound up on the fake site, click here to go to Reddit and reset your password.

Once you're done, give yourself a typo-proof way to go back to Reddit in the future. Adding it to your favorites/bookmarks (you should be able to press control and D to do that) lets you click through instead of typing.

SOURCE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Fake TSA PreCheck sites scam US travelers with fake renewals mrtrout 0 488 11-20-2021 , 11:55 PM
Last Post: mrtrout
  Password-Stealing Windows Malware has been Discovered mrtrout 0 748 07-24-2021 , 02:32 AM
Last Post: mrtrout
  U.S. DOJ warns of fake unemployment benefit websites stealing data Bjyda 0 972 03-07-2021 , 10:59 PM
Last Post: Bjyda
  On November 12, Kaspersky’s Global Research and Analysis Team heads to Reddit for an mrtrout 0 1,044 11-02-2020 , 08:04 AM
Last Post: mrtrout
  Hackers hit NutriBullet website with credit card-stealing malware sidemoon 0 1,348 03-18-2020 , 06:48 PM
Last Post: sidemoon

Forum Jump:


Users browsing this thread: 1 Guest(s)