
Primitive phishing protection

Phishing is the creation of an exact copy of another site in order to get the user to enter their password or other data.

Here is a typical phishing example:

[Image: typical phishing example]
The link text is vkontakte.ru, but the href points to vk0ntatke.ru, a phishing site.

So why not make the simplest phishing protection?

If the domain in the link text and the domain in the href differ, show the user a big red warning explaining what phishing is.
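One way to implement this check, as an added example that is not part of the original post: it compares the host shown in the link text with the host in the href and runs over a constructed message body. The function names are hypothetical, and two choices are assumptions: hosts are compared exactly after dropping a leading "www.", and anchors are pulled out with a regular expression instead of a DOM walk.

```javascript
// Added example; all function names here are hypothetical.
const normalize = (host) => host.toLowerCase().replace(/^www\./, '');

// Host the user *sees*, or null when the link text is not a domain or URL
// (e.g. "Click here"), in which case there is nothing to compare.
function hostFromText(text) {
  const t = text.trim();
  const looksLikeHost =
    /^(https?:\/\/)?([^\s\/@:.]+\.)+[^\s\/@:.\d][^\s\/@:.]+(:\d+)?(\/\S*)?$/i;
  if (!looksLikeHost.test(t)) return null;
  try {
    return normalize(new URL(/^https?:\/\//i.test(t) ? t : 'http://' + t).hostname);
  } catch {
    return null;
  }
}

// The rule from the post: warn when the shown domain and the href domain differ.
function checkLink(text, href) {
  const shown = hostFromText(text);
  if (shown === null) return { warn: false, shown, actual: null };
  try {
    const actual = normalize(new URL(href).hostname);
    return { warn: shown !== actual, shown, actual };
  } catch {
    return { warn: true, shown, actual: null }; // unparsable target: fail closed
  }
}

// Demo-grade anchor extraction; a browser or mail client would walk the DOM.
function findSuspiciousLinks(html) {
  const anchor = /<a\s[^>]*?href\s*=\s*["']([^"']*)["'][^>]*>([\s\S]*?)<\/a>/gi;
  return [...html.matchAll(anchor)]
    .map(([, href, inner]) => checkLink(inner.replace(/<[^>]*>/g, ''), href))
    .filter((r) => r.warn);
}

// Constructed sample message body using the domains from the post.
const SAMPLE_HTML = `
<p>Log in: <a href="http://vk0ntatke.ru/login">vkontakte.ru</a></p>
<p>Profile: <a href="https://www.vkontakte.ru/id1">vkontakte.ru</a></p>
<p><a href="http://vk0ntatke.ru/">Click here</a></p>`;

console.log(findSuspiciousLinks(SAMPLE_HTML));
```

Only the first sample link is flagged: the third points at the same phishing host, but its text is not a domain, so this rule alone has nothing to compare it against.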

This protection can be built into webmail services and email programs, or into the browser itself (a mere Firefox add-on is, of course, not an option: 99% of people will not install it).

At one time, phishing sites exploited a loophole with Cyrillic letters in the domain name (paypal.com with a Cyrillic "a"). It was later closed, and a warning started being displayed. This loophole must be closed in the same way.

There are people from Yandex, after all; take note.

Source: https://habr.com/ru/post/47313/

