- Joined
- Jan 6, 2008
- Messages
- 13,979
- Reaction score
- 1,533
- Location
- Wisconsin's (sore) thumb
- Website
- www.firefromthesky.org
It relies on Punycode, a sort of "secret decoder ring" for web browsers. A domain name can be created using ASCII characters that stand for unicode characters, and nevermind the details it will be displayed in the URL bar of your browser as something familiar and safe looking - including the dearly beloved https if the crooked site has a cert.
Please read about it..
http://hackaday.com/2017/04/19/you-think-you-cant-be-phished/
https://www.ghacks.net/2017/04/17/punycode-phishing-attack-fools-even-die-hard-internet-veterans/
If you are using Firefox, type about:config in the URL bar and hit Enter. Tell the warning you're OK with it. Long page of geekese will appear. Then type "puny" (w/o quotes) in the search field at the top of the page. There will appear one line instead of many. Double-click "false" at the end of the line to change it to "true"
If you are using Chrome or one of its derivatives, just be damn careful until they do someting about it.
Hovering over a link on a page or in email that hides one of these punycode links WILL SHOW the real gibberish in the browser's status bar (or it just appears at bottom of window). You should be doing this anyway.
And NEVER click on links in emails!
Please read about it..
http://hackaday.com/2017/04/19/you-think-you-cant-be-phished/
https://www.ghacks.net/2017/04/17/punycode-phishing-attack-fools-even-die-hard-internet-veterans/
If you are using Firefox, type about:config in the URL bar and hit Enter. Tell the warning you're OK with it. Long page of geekese will appear. Then type "puny" (w/o quotes) in the search field at the top of the page. There will appear one line instead of many. Double-click "false" at the end of the line to change it to "true"
If you are using Chrome or one of its derivatives, just be damn careful until they do someting about it.
Hovering over a link on a page or in email that hides one of these punycode links WILL SHOW the real gibberish in the browser's status bar (or it just appears at bottom of window). You should be doing this anyway.
And NEVER click on links in emails!