This article was published on November 7, 2009


    Рhishing for multilingual domain names

    Story by Fawzi Rahal

    Based in Dubai, Fawzi Rahal is the Editor of The Next Web Middle East and Regional Communications Director at G2. Follow him via Twitter. You can reach Fawzi at [email protected].

    With all the hype around the soon-to-be-standardized multilingual top-level domains and IDNs (internationalized domain names), how good are you at telling the difference between a legitimate domain and a phishing name? Ready? Go!

    Which one is legit: paypal.com or рayрal.com? Can’t tell the difference?

    The р in the latter domain name (also in the title, by the way) is a Cyrillic glyph that looks identical to the Latin p. There are tons of glyphs from various scripts that are identical. With the exception of Middle-Eastern and East-Asian scripts and some archaic languages, all modern scripts bear a great resemblance to each other.

    While phishing filters are designed to look at long domain names such as paypal.com.phishing.com, and we are all used to checking that the domain name we land on is legit, we are incapable of detecting identical-looking glyphs from different scripts.
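As an added example (not part of the original article), this Python check does what the eye cannot: it flags labels that mix scripts and shows the ASCII form DNS actually carries for the lookalike domain above. The confusables map and the watch list are constructed for illustration, and deriving a script from the Unicode character name is an approximation.

```python
import unicodedata

# Small constructed subset of Cyrillic letters that render like Latin ones.
# The full mapping lives in the Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
}
PROTECTED = {"paypal.com"}  # constructed watch list of names worth imitating


def scripts(label):
    """Approximate the scripts used in a label from Unicode character names."""
    found = set()
    for ch in label:
        if ch.isalpha():  # digits and hyphens are shared by all scripts
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def to_ascii(label):
    """ASCII (Punycode) form of one label; simplified, no nameprep step."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def inspect(domain):
    """Return the ASCII form, any mixed-script labels, and the imitated name."""
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")
    # Fold known lookalikes to Latin and compare against the watch list.
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in domain)
    imitates = skeleton if skeleton != domain and skeleton in PROTECTED else None
    return {
        "ascii": ".".join(to_ascii(label) for label in labels),
        "mixed_script": [label for label in labels if len(scripts(label)) > 1],
        "imitates": imitates,
    }


if __name__ == "__main__":
    # The second name is the article's example with Cyrillic U+0440 for "p".
    for name in ("paypal.com", "\u0440ay\u0440al.com"):
        print(ascii(name), inspect(name))
```

A name written entirely in lookalike letters has no mixed-script label, so the skeleton comparison is the check that still catches it.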

    Never thought magnifying glasses could be a cool security feature, did you?