google-site-verification: google30a059f9a075f398.html

Warning:Well-positioned Reddit clone is out to grab users’ login credentials

CyberWisdom Safe Harbor Commentary on Reddit Clone

A must-read story from defines a little known that the popular social news aggregator Reddit site have been convincingly cloned as the domain. The author apparently does not expect the user to discover for what it is: a website designed to collect the user’s username and password.

HEADSUP: People should be cautioned on information security at @Reddit. (Phishing?) The domain reddit (.) Uses the Columbia TLD website together – is a perfect visual Reddit for MITM.

Share this with Reddit users.

Reddit clone site

Security researcher Alex Muffett sounded the alarm on Sunday instead of noticing the Reddit team and was still waiting for Google’s secure browser to mark the site as malicious.

The fake website home page looks very much like Reddit, although clicking any non-Reddit photo or video post will return the HTTP ERROR 500 page.


Reddit phishing

As the author is writing this, the site is still up.

People behind fake websites also get SSL certificates so that users can see HTTPS and trust them on the “secure” site for encrypted connections:

As I was writing this, the site is still there.

Bigger problem on Reddit clone

“Do not misunderstand, this is a valid scam,” said Azeem Aleem, RSA’s director of advanced cyber-defense practices for Europe, the Middle East, and Africa.

“They spent a lot of time and effort creating a very realistic website and even displaying a secure SSL certificate in a browser window, which is well designed and enforced, underlining the real dangers of modern spoofing attacks. It is troubling that these complex scams collect personal information, but what is even more worrisome is that these stolen data will be used to steal information because the stolen credentials are used to undermine the victims’ other accounts, and to friends, colleagues And family complex phishing attacks. ”

He pointed out that time is of the essence for Reddit, and companies need to warn users about the site.

“It’s not just websites like – last year, more than 14,000 certificates were used to set up phishing sites that cheated PayPal, which shows the power of the cybercriminals to padlock them to deceive unsuspecting victims The case is credible and undermines the brand’s reputation via the Internet, “said Kevin Bocek, chief cybersecurity officer at Venafi.

“This attack is part of a bigger problem that harms the trust system used throughout the internet and explains why there is a need to build a new trust system based on reputation.The answer is a certificate credit rating to help people know What is trustworthy. ”

“This site was previously hosted by Porno, which is not a real Reddit-owned domain, was issued by Comodo, and genuine Reddit uses DigiCert-produced certificates, all of which were rated as long ago by Reddit as being flagged for repair Things, “he explained.

“Free certificates provide very little validation, but users think they are sacred. If people can not believe the websites they visit are real, our digital world may start to crash.” Now the corporate security team needs to take action because no one else will protect you from bad guys. ”

Read more…

A convincing clone of the popular social news aggregation and discussion

site Reddit has been spotted on the domain. The author is obviously counting on users not to spot it for what it is: a site meant to harvest users’ username and password. HEADSUP: Looking for infosec people at @Reddit. Website at (phishing?) domain reddit(.)co — using the Colombian TLD — was acting a pitch-perfect apparent MITM of the actual Reddit. Now returning 500 More → Engaging post, Read More…

thumbnail courtesy of


If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post » Warning:Well-positioned Reddit clone is out to grab users’ login credentials