With Googles release of the DNS top-level-domains .zip
and .mov
a new phishing (mitre att&ck T1566) trick is possible as bobbyrsec wrote about.
Example 1
https://www.google.com/?q=example.text <— FQDN = google.com
Example 2
https://www.google.com/example/text/@v1271.zip <— FQDN = google.com right? No, it is v1271.zip. Because the @ character describes e.g. the authentication of the URL.
Example 3
https://www.google.com/example/text/v1271.zip <— FQDN = google.com
Reason
Result
So doublechecking URLs becomes harder. Using Fido2, Passkeys or password-managers (e.g. bitwarden.com) with auto-fill becomes more important because they dont fall for that trick and are more phishing-resistant.
No comments:
Post a Comment