It’s a sad reality that phishing scams are becoming increasingly sophisticated, often making it hard for even savvy users to differentiate between legitimate messages and ones designed to abscond with sensitive personal and financial information. Just a few days ago, for example, we covered an iPhone phishing scam that manages to trick users into thinking they’re receiving a legitimate phone call from Apple tech support.

Phone-based phishing scams, though, are arguably a tad easier to detect than web-based phishing scams. That said, scammers over the past few years have done an impressive job of constructing websites that, even upon close inspection, look remarkably close to legitimate sites like PayPal and eBay. Speaking to the trickery that some scammers are implementing with their phishing schemes, Paul Walsh on Twitter today posted a snapshot which illustrates how easy it is for even a cautious user to fall prey to a phishing scam.

As the saying goes, a picture is worth a 1,000 words:

As evidenced a bit more clearly below, you’ll note that scammers have put up websites with URLs that closely resemble an authentic crypto-oriented site. They do this by employing subtle characters that, at first glance, look completely ordinary:

Notably, security research Brian Krebs observed a similar phenomenon just a few weeks ago, though the appearance may vary depending on what browser you’re using.

This phishing site takes advantage of internationalized domain names (IDNs) to introduce visual confusion. In this case, the “i” in Bibox.com is rendered as the Vietnamese character “ỉ,” which is extremely difficult to distinguish in a URL address bar.

As KrebsOnSecurity noted in March, while Chrome, Safari and recent versions of Microsoft’s Internet Explorer and Edge browsers all render IDNs in their clunky punycode state, Firefox will happily convert the code to the look-alike domain as displayed in the address bar.

If you’re on Firefox, you should make a point to remain vigilant, or, simply save yourself some trouble and switch on over to Chrome.

Comments