People are being alerted about an old, resurfaced phishing technique that is capable of duping even the most internet-savvy users.
Web developer Xudong Zheng has recently created a false version of apple.com, which seems to have the exact same URL as the iPhone-maker’s online store. Most users would have no problem clicking the link, which looks completely legitimate. However, its actual URL is: “xn--80ak6aa92e.com”.
However, Mr Zheng’s fake apple.com contains no malicious content; it simply displays a message reading, “Hey there! This may or may not be the site you are looking for! This site is obviously not affiliated with Apple, but rather a demonstration of a flaw in the way unicode domains are handled in browsers.”
This means that cyber criminals can use the same technique to trick users into visiting infected websites. This is not a new scam and is known as an internationalised domain name (IDN) homograph attack, which was first reported back in 2001.
The attack exploits the visual similarity of individual characters, replacing specific Latin characters with identical or near-identical-looking characters from non-Latin alphabets, such as Cyrillic.
The URL for Mr Zheng’s fake Apple website uses a Cyrillic ‘a’, which is impossible to distinguish from the ASCII ‘a’. ASCII is an encoding standard for characters familiar to English readers, a hangover from the internet’s early days as a US creation.
However, potential scammers can rely on an encoding called Punycode, which translates characters from Unicode, an encoding standard for a much wider range of characters, into ASCII so that such names can be registered and resolved. The browser then turns the ASCII form, a URL most internet users would never click on, back into something that looks completely innocent. Chrome 58, which was released earlier this year, protects users from the issue. But those using prior versions of Google’s popular browser are vulnerable to such attacks.
The scam also works on Firefox, but not Safari or Internet Explorer.
Firefox users can mitigate the risk by typing about:config into the address bar and marking network.IDN_show_punycode as True. This will display IDN domains in their Punycode form.
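As an added example (not code from the original article or from Mr Zheng), the following Python decodes the ACE form of the demonstration domain the way a browser would, shows the ASCII form that the Firefox setting above makes visible, and runs the kind of script check a mail filter or browser warning can apply. The confusable map is a small constructed subset of the Unicode confusables data and is not exhaustive.

```python
"""Decode IDN labels and flag ones whose letters merely look like Latin."""
import unicodedata

# Constructed subset of the Unicode confusables data (UTS #39): Cyrillic
# letters that render like ASCII letters in common fonts. Not exhaustive.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
    "\u0455": "s", "\u04bb": "h",
}


def decode_label(label):
    """Unicode form of one DNS label; 'xn--' (ACE) labels are Punycode-decoded."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def to_ace(host):
    """ASCII form sent to DNS (what network.IDN_show_punycode displays)."""
    out = []
    for label in host.split("."):
        out.append(label if label.isascii()
                   else "xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def scripts_of(text):
    """Scripts of the letters in text, taken from each character's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in text if ch.isalpha()}


def skeleton(text):
    """Replace each confusable character with the ASCII letter it resembles."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def analyze_host(host):
    """Per-label report; a label is suspicious when it mixes scripts or when
    non-Latin letters collapse to a pure-ASCII look-alike (the homograph case)."""
    report = []
    for label in host.split("."):
        text = decode_label(label)
        scripts = scripts_of(text)
        skel = skeleton(text)
        lookalike = skel != text and skel.isascii()
        report.append({"label": label, "unicode": text, "skeleton": skel,
                       "scripts": sorted(scripts),
                       "suspicious": lookalike or len(scripts) > 1})
    return report


if __name__ == "__main__":
    for entry in analyze_host("xn--80ak6aa92e.com"):
        print(entry)
```

Display the `skeleton` next to the decoded label to show a user which ASCII name the domain imitates.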
Mr Zheng says concerned users can also take additional precautions by manually typing out the URL or navigating to sites through a search engine.