Our advice: Bookmark your favorite websites.
Be careful what you type in your browser’s address bar. A small error could hand your private information over to bad actors.
Scammers appear to have made a malicious Reddit clone using the web address “Reddit.co,” the Next Web reported Monday. First discovered by security researcher Alec Muffett, the website looks like an exact replica of the popular social network. It convincingly pulls the top threads from the original website and includes the correct number of upvotes for each post.
But look closer, and you’ll notice the web address is missing the “m” in “.com,” a tiny deviation and the difference between the legitimate news aggregator and a phishing site. Users who don’t realize they are on the wrong webpage may be handing their username and password over to a scammer.
HEADSUP: Looking for infosec people at @Reddit. Website at (phishing?) domain reddit(.)co — using the Colombian TLD — was acting a pitch-perfect apparent MITM of the actual Reddit. Now returning 500 before I could screenshot it. Domain ownership is as-follows: pic.twitter.com/hpucMroumd
— Alec Muffett (@AlecMuffett) February 5, 2018
Muffett said the domain was registered by someone in London, but the IP address suggests it could come from Ukraine. He is shocked at how the registry permitted the domain. The certificate for the domain was issued by cybersecurity company Comodo. It’s not clear how the webpage snuck through its filters.
At this point, most major social networks have purchased misspelled domain names and redirected them to the correct address. For example, Facebook.co will still take you to Facebook.com. As Gizmodo points out, Reddit.co remained unregistered five years after Reddit was created and hasn’t been picked up by the website since. In the past, it was used to house a porn site and a Flash games site.
The best way to avoid visiting the malicious Reddit site is to add the correct domain to your bookmarks. Alternatively, you can rely on autofill. Whatever you do, don’t try typing “Reddit.com” in each time, or you may make one very costly mistake.
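The one-character gap between “Reddit.co” and “Reddit.com” can also be checked mechanically, for example over hostnames seen in proxy or DNS logs. The following Python check is an added example, not part of the original article: it flags hostnames whose domain is within one edit (a dropped, added, swapped or substituted character) of a protected domain. The protected list, the sample hostnames and the "last two labels" shortcut for the registrable domain are assumptions.

```python
# Added example: flag hostnames one edit away from a domain you want to protect.
PROTECTED = {"reddit.com"}  # assumption: extend with the sites you care about


def registrable(host):
    """Naive registrable domain: the last two labels (assumption: no
    public-suffix list, so names under suffixes like co.uk are not handled)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "redidt" vs "reddit".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host):
    """Return ("ok", domain), ("lookalike", imitated domain) or ("unrelated", None)."""
    dom = registrable(host)
    if dom in PROTECTED:
        return ("ok", dom)
    for good in sorted(PROTECTED):
        if edit_distance(dom, good) <= 1:
            return ("lookalike", good)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample hostnames, as they might appear in a proxy log.
    for h in ["www.reddit.com", "reddit.co", "redidt.com", "example.org"]:
        print(h, classify(h))
```

Domains a site has registered defensively and redirects to the real address, as the article describes for Facebook.co, would also be flagged; add them to the protected list if you want them treated as legitimate.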
The Daily Dot reached out to Reddit, and we’ll update this article if we hear back.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.