The next time you decide to visit Reddit to get your daily fill of world news, funny pictures and silly comment chains, be sure that you take your time when typing in the website address. A malicious site that looks identical to Reddit was discovered over the weekend, and if you’re not careful, you could have your login information stolen.
The fake Reddit is basically indistinguishable from the real thing at first glance. The front page features the same links you’ll find on Reddit.com, which makes it easy to mistake the fake site for the real one, enter your login information at the top of the screen and realize too late that you’ve been fooled. The only discernible difference between the two sites is that the malicious knock-off uses the Colombian top-level domain “.co” instead of “.com”.
Network security expert Alec Muffett spotted the fake Reddit over the weekend, noting on Twitter that the site appears to have been registered by an individual in London, England. But Muffett then found an IP address connected to the site that came from Ukraine. In other words, something fishy is going on here.
HEADSUP: Looking for infosec people at @Reddit. Website at (phishing?) domain reddit(.)co — using the Colombian TLD — was acting a pitch-perfect apparent MITM of the actual Reddit. Now returning 500 before I could screenshot it. Domain ownership is as-follows: pic.twitter.com/hpucMroumd
— Alec Muffett (@AlecMuffett) February 5, 2018
The primary takeaway here is that anyone who visits Reddit.com (until this site is shut down) is one letter away from accidentally visiting a phishing site instead. But beyond that, the mere fact that Comodo — the registry that issued the domain for the fake Reddit — allowed this to happen is extremely worrying.
“How on earth the .co registry permitted it to be registered is beyond me,” said Muffett.
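An added example, not part of the original article: a defender-side check that classifies hostnames (for instance from proxy or DNS logs) against a protected domain, catching the TLD swap and the one-letter slip described above. The host list is constructed, and treating the last two labels as the registrable domain is a simplifying assumption that ignores multi-label suffixes such as co.uk.

```python
PROTECTED = "reddit.com"  # the legitimate domain named in the article

# Constructed sample hostnames; only reddit.com and reddit.co come from the article.
SAMPLE_HOSTS = ["www.reddit.com", "reddit.co", "old.reddit.com",
                "reddlt.com", "reddit.com.login.example", "example.org"]


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(host, protected=PROTECTED):
    """Return how a hostname relates to the protected domain."""
    host = host.strip().lower().rstrip(".")
    # Exact match or a true subdomain; the leading dot stops "notreddit.com".
    if host == protected or host.endswith("." + protected):
        return "legitimate"
    brand = protected.split(".")[0]
    labels = host.split(".")
    registrable = ".".join(labels[-2:])  # assumption: single-label TLD
    if labels[-2:-1] == [brand]:
        return "tld-swap"                # same name, different TLD (reddit.co)
    if edit_distance(registrable, protected) <= 1:
        return "near-miss"               # one typo away from the real domain
    if brand in labels[:-2]:
        return "brand-in-subdomain"      # brand used as a subdomain elsewhere
    return "unrelated"


def flag(hosts):
    """Keep only the hostnames that imitate the protected domain."""
    return [(h, c) for h in hosts
            if (c := classify(h)) not in ("legitimate", "unrelated")]


if __name__ == "__main__":
    for host, verdict in flag(SAMPLE_HOSTS):
        print(f"{verdict:20} {host}")
```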