Since September 21, PhishLabs analysts have detected a number of phishing sites hosted on emoji domains. So far, all detected sites have a few things in common:
At the time of writing, PhishLabs analysts are investigating active phishing campaigns making use of emoji domains.
Yes, we did.
Over the past few years, a small number of TLDs such as .WS, .FM, and .TO have started supporting the use of emoji domains. Aside from a tiny number of outliers, registered prior to IDNA2008, gTLDs such as .COM and .NET do not allow for the registration of emoji domains.
These domains are created using punycode: an ASCII encoding (labels beginning with xn--) that browsers (at least some of them) translate to display the emoji.
When translated correctly, they look like this:
Punycode translation: http://xn--4p8h.ws/
If you visit that domain, you’ll be redirected to WarbyParker.com. Neat, huh?
Unfortunately, phishers have found an alternative and less innocent use for emoji domains: to pique the interest of would-be victims, and induce them to visit malicious phishing sites. As we’ve already noted, the phishing sites observed so far have all made use of multiple emoji subdomains. For example:
Punycode translation: xn--e28h5ab3r.xn--ch8hls.ws (Note, this is a simulated example, not a real phishing site)
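To see what a punycode hostname will render as without visiting it, the labels can be decoded offline. The sketch below is an added example, not PhishLabs code: the function names are hypothetical, and treating Unicode category "So" as "emoji" is a simplifying assumption. The sample hostnames are the two shown in this post plus constructed benign ones.

```python
import unicodedata
from urllib.parse import urlsplit

ACE_PREFIX = "xn--"  # marks a punycode-encoded DNS label

def decode_label(label):
    """Return the Unicode form of one DNS label; other labels pass through."""
    if not label.startswith(ACE_PREFIX):
        return label
    try:
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except (UnicodeError, ValueError):
        return label  # malformed encoding: keep the raw label for review

def has_emoji(text):
    """Heuristic (assumption): category 'So' (Symbol, other) counts as emoji."""
    return any(unicodedata.category(ch) == "So" for ch in text)

def inspect_host(url_or_host):
    """Decode every label of a hostname and report which ones render as emoji."""
    target = url_or_host if "://" in url_or_host else "//" + url_or_host
    host = (urlsplit(target).hostname or "").rstrip(".")
    labels = host.split(".")
    decoded = [decode_label(label) for label in labels]
    emoji_labels = [raw for raw, uni in zip(labels, decoded) if has_emoji(uni)]
    return {
        "host": host,
        "display": ".".join(decoded),
        "emoji_labels": emoji_labels,
        # The sites described in this post used several emoji labels per host.
        "multiple_emoji_labels": len(emoji_labels) >= 2,
    }

if __name__ == "__main__":
    samples = [
        "http://xn--4p8h.ws/",            # from the post
        "xn--e28h5ab3r.xn--ch8hls.ws",    # simulated example from the post
        "xn--mnchen-3ya.de",              # constructed: non-emoji IDN
        "https://www.example.com/login",  # constructed: plain ASCII host
    ]
    for sample in samples:
        report = inspect_host(sample)
        print(report["host"], "->", report["display"],
              "| emoji labels:", len(report["emoji_labels"]),
              "| multiple:", report["multiple_emoji_labels"])
```

A mail or SMS gateway could apply the same check to URLs in inbound messages and route hosts with emoji labels to review rather than blocking outright.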
Right now, this tactic is just that — a new technique being tested by phishers to see whether it will increase the efficacy of their campaigns. Just like emoji domains themselves, it’s difficult to know whether emoji phish will become an established trend, or die out altogether.
Although we can’t be sure as to the purpose of the emoji phishing sites we’ve observed — we haven’t yet tracked down any associated lures — our analysts suspect they are intended to be accompanied by SMS lures. Again, while it’s only conjecture at this point, it seems likely that an SMS-based emoji phishing campaign could see some success, particularly with younger smartphone users.
For now, it’s worth viewing emoji domains with some cynicism. When in doubt, go for the traditional URL (if available) or avoid them altogether. If they continue to be a threat, we’ll put out further updates on emoji phishing campaigns in the near future.
*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Olivia Vining. Read the original post at: https://info.phishlabs.com/blog/threat-announcement-phishing-sites-detected-on-emoji-domains