Phishing using @-URL trick in DNS .zip domains

With Googles release of the DNS top-level-domains .zip and .mov a new phishing (mitre att&ck T1566) trick is possible as bobbyrsec wrote about.

Example 1  <— FQDN =

Example 2 <— FQDN = right? No, it is Because the @ character describes e.g. the authentication of the URL.

Example 3 <— FQDN =



So doublechecking URLs becomes harder. Using Fido2, Passkeys or password-managers (e.g. with auto-fill becomes more important because they dont fall for that trick and are more phishing-resistant.

No comments:

Post a Comment

Almost perfect protection for websites and other services - Mutual TLS

Its hard to secure your IT services and applications. The list of possible attacks is long, as shown in the Mitre Att&ck framework , the...