Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on November 7, 2009

Рhishing for multilingual domain names


Рhishing for multilingual domain names

phishingchartWith all the hype around the soon to be standardized multilingual top level domains and IDNs (internationalized domain names), how good are you in telling the difference between a legitimate domain and a phishing name? Ready? Go!

Which one is legit: paypal.com or рayрal.com? Can’t tell the difference?

The р in the latter domain name (also in the title, by the way) is a Cyrillic glyph that looks identical to the Latin p. There are tons of glyphs from various scripts that are identical. With the exception of Middle-Eastern and East-Asian scripts and some archaic languages, all modern scripts bear a great resemblance to each other.

While phishing filters are designed to look at long domain names such as paypal.com.phishing.com and we are all used to ensuring that the domain name we land on is legit, we are incapable of detecting identically looking glyphs from different scripts.

Never thought magnifying glasses could be a cool security feature, did you?

Get the TNW newsletter

Get the most important tech news in your inbox each week.