Reddit users looking to browse through pages of news, topic threads, random tidbits and silly photos - beware. Secure researchers have found a malicious Reddit clone that looks like an exact replica of the real thing, but actually steals your personal details.
First spotted by security researcher Alex Muffett, the website uses the web address "Reddit.co" and features the same layout, design and details as the legitimate Reddit.com. It also seems to accurately pull the top threads from the real Reddit homepage along with the correct number of upvotes for each post.
The fake site seems to be designed to grab the login credentials of visitors should they happen to quickly plug in their details before realising they are on the wrong website.
For anyone typing quickly or letting browser autocomplete lead them to the "right" website, they may be just one letter away from being led to the dubious phishing website and eagerly handing over their username and password.
According to Muffett, the site seems to have been registered to a person in London. However, the IP address linked to the phoney page suggests the scammer may be based in Ukraine. The website's certificate was issued by Comodo.
"How on earth the .co registry permitted it to be registered is beyond me," Muffett tweeted.
At the time of writing the fake Reddit website is still live.
Gizmodo reports that Reddit.co was not registered until July 2010 - five years after Reddit was launched. The URL was previously used to host a porn website and a flash games site.
IBTimes UK has reached out to Reddit and Comodo for further comment.