With all the hype around the soon to be standardized multilingual top level domains and IDNs (internationalized domain names), how good are you in telling the difference between a legitimate domain and a phishing name? Ready? Go!
Which one is legit: paypal.com or рayрal.com? Can’t tell the difference?
The р in the latter domain name (also in the title, by the way) is a Cyrillic glyph that looks identical to the Latin p. There are tons of glyphs from various scripts that are identical. With the exception of Middle-Eastern and East-Asian scripts and some archaic languages, all modern scripts bear a great resemblance to each other.
While phishing filters are designed to look at long domain names such as paypal.com.phishing.com and we are all used to ensuring that the domain name we land on is legit, we are incapable of detecting identically looking glyphs from different scripts.
Never thought magnifying glasses could be a cool security feature, did you?