• AnonStoleMyPants@sopuli.xyz
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    The bot skips an important point. The site looks really close to the genuine site, only difference being “ķeepass dot info” and not “keepass”. Definitely easy to miss.

    • teawrecks@sopuli.xyz
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      I feel like browsers should flag urls with unicode in their domains as suspicious by default. Maybe they already do, not sure. It’s honestly surprising to me in 2023 if they don’t.

      I wouldn’t mind if FF popped up and said “hey, take another look at that URL” and very clearly drew attention to the weird k character. Of course it would have a “I’m absolutely sure this isn’t a scam, I own this domain or know who owns it and you don’t need to warn me about it in the future” button, but better safe than sorry.

        • rayon@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          1 year ago

          This should be ON by default, in my opinion. Also, I believe Mozilla has a massive opportunity here to demarcate themselves as the more security-conscious browser vendor. “This phishing trick works on all major browsers except Firefox” would be great publicity material.

          • X3I@lemmy.x3i.tech
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Seems to be on by default in Librewolf(I just checked mine from the AUR on Arch), maybe consider that one!

      • Bazz@feddit.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I thought that they only show unicode chars if they are used in one of the installed languages of the browser and if not they show the punycode instead 🤔