There is a case where you access the fake site even though it is a correct URL


TREZOR, which provides an online wallet service for cryptographic currencies such as bit coins, reported on the blog that "traffic is hijacked" in some cases.

[PSA] Phishing Alert: Fake Trezor Wallet website - TREZOR Blog
https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced

July 2, 2018, TREZOR announced on their blog that their wallet service is being attacked. According to the blog, TREZOR 's support team received a query from the customer about an unauthorized SSL certificate that the situation was discovered. The image when accessing the fake phishing site published by TREZOR is as follows and the domain displayed in the URL is the same as the correct site "wallet.trezor.io", but for https communication The SSL certificate to be used is incorrect and you can see that "Not secure" is displayed in the address bar of the browser.



I do not know the method used for the attack, but even if I enter the correct URL, since I accessed the fake site, it is possible to think of methods such as DNS cache poisoning and BGP hijacking . BGP Hijack is an attack used to hijack Internet traffic and was used in the following cases in 2017 and 2018 in the following cases.

Amazon's DNS service "Route 53" is attacked and virtual currency with a market price of 16 million yen is deprived from users



Telecommunications carriers managed by the Russian government hijack Internet traffic of financial services - GIGAZINE



In addition to checking whether the URL of the website you are accessing is correct, you can check whether the site you visited is really a site with that URL by using https (SSL) for communication. TREZOR makes a comment on "twitter" to make sure that you are doing legitimate https communication ".


If you connect to fake site via https, you get a certificate error, but in case of http connection you can not notice that you are connected to fake site. Google announces a policy to make sure that the indication "unsafe" appears when connecting with http with Chrome browser.

Google intends to display sites not protected by HTTPS clearly as "unsafe" in the Chrome browser - GIGAZINE

in Web Service,   Security, Posted by log1d_ts