Click to Skip Ad
Closing in...

Phishing scams keep getting smarter, making them difficult to spot

Published Jan 10th, 2019 8:08PM EST
Phishing Scams
Image: Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

It’s a sad reality that phishing scams are becoming increasingly sophisticated, often making it hard for even savvy users to differentiate between legitimate messages and ones designed to abscond with sensitive personal and financial information. Just a few days ago, for example, we covered an iPhone phishing scam that manages to trick users into thinking they’re receiving a legitimate phone call from Apple tech support.

Phone-based phishing scams, though, are arguably a tad easier to detect than web-based phishing scams. That said, scammers over the past few years have done an impressive job of constructing websites that, even upon close inspection, look remarkably close to legitimate sites like PayPal and eBay. Speaking to the trickery that some scammers are implementing with their phishing schemes, Paul Walsh on Twitter today posted a snapshot which illustrates how easy it is for even a cautious user to fall prey to a phishing scam.

As the saying goes, a picture is worth a 1,000 words:

As evidenced a bit more clearly below, you’ll note that scammers have put up websites with URLs that closely resemble an authentic crypto-oriented site. They do this by employing subtle characters that, at first glance, look completely ordinary:

Notably, security research Brian Krebs observed a similar phenomenon just a few weeks ago, though the appearance may vary depending on what browser you’re using.

This phishing site takes advantage of internationalized domain names (IDNs) to introduce visual confusion. In this case, the “i” in is rendered as the Vietnamese character “ỉ,” which is extremely difficult to distinguish in a URL address bar.

As KrebsOnSecurity noted in March, while Chrome, Safari and recent versions of Microsoft’s Internet Explorer and Edge browsers all render IDNs in their clunky punycode state, Firefox will happily convert the code to the look-alike domain as displayed in the address bar.

If you’re on Firefox, you should make a point to remain vigilant, or, simply save yourself some trouble and switch on over to Chrome.

Yoni Heisler Contributing Writer

Yoni Heisler has been writing about Apple and the tech industry at large with over 15 years of experience. A life long expert Mac user and Apple expert, his writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and TUAW.

When not analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions.