Next time you decide to visit Reddit to get your daily world news, funny pictures and silly comment chains, be sure to take your time when typing the website address. A malicious site that looks identical to Reddit was discovered over the weekend, and if you are not careful, you could have your login information stolen.
At the first glance, the fake Reddit is basically indistinguishable. The front page features the same links that you will find on Reddit.com, which makes it easy to mistake the fake one for the real one, enter your login details at the top of the screen and realise that it is too late and you have been fooled. The only major difference between the two sites is that the malicious knock-off uses the Colombian top-level domain ".co" instead of ".com".
Network security expert, Alec Muffett, spotted the fake Reddit website over the weekend, posting to Twitter that the site appears to have been registered by an individual in London, England. But Muffett then found an IP address connected to the site that came from Ukraine. In other words, something fishy is going on here.
HEADSUP: Looking for infosec people at @Reddit. Website at (phishing?) domain reddit(.)co — using the Colombian TLD — was acting a pitch-perfect apparent MITM of the actual Reddit. Now returning 500 before I could screenshot it. Domain ownership is as-follows: pic.twitter.com/hpucMroumd— Alec Muffett (@AlecMuffett) February 5, 2018
Anyone that uses Reddit.com is literally one letter away from accidentally visiting a phishing site instead. Beyond that, the fact that this person, behind the fake Reddit website, got it right to register Reddit.co is extremely worrying.
“How on earth the .co registry permitted it to be registered is beyond me,” said Muffett.