Prevent "public gateway phishing" in migration screens #22
Labels: apps-private-gateways (Applicable to the desktop and Android gateways); enhancement (New feature or request)
Describe the problem
An attacker may set up public gateways on domains that look like one from Relaycorp (e.g., frankfurt-relaycorp.cloud) and then convince their victims to migrate to that gateway. Or they may use domain names containing the word "Relaynet" (e.g., relaynet-gateway.com) to pass off as an "official" gateway.
Describe the solution you'd like
Block domain names containing the words "Relaycorp" and "Relaynet", but allow subdomains of .relaycorp.cloud. Also block misspellings of the two words (e.g., "Relaycopr", "Relyanet", "relay-net"). Punctuation should also be ignored, meaning that a domain like relay.net or relay.corp.cloud should still be blocked.