Person with mask holding laptop computer

Hackers’ new way to phish you

As more people get wiser at detecting phishing attempts by looking at the web address bar, hackers have found a new way to fool people.

The best way to explain this new phishing trick is to use an example.

“bibox.com” is the web domain of a legitimate business. Hackers, however, reserved a different web domain: “bỉbox.com”. Do you notice the difference between “bibox.com” and “bỉbox.com”?

The visual difference very subtle. In the second web domain, the second letter is NOT the letter “i”. It is actually a Vietnamese character. In small screens, it is extremely easy to miss the difference. So, basically, hackers are exploiting the fact that some foreign language characters look extremely similar to standard Roman alphabets.

So, how do you protect yourself?

At the time of writing, only Firefox will display the hacker’s web domain as “bỉbox.com” in the web address bar. However, Chrome, Safari and Edge will not display it according to the foreign language display. They will display the web domain as: “xn--bbox-vw5a[.]com” (technically called the “punycode” display).

To force Firefox to always display the puny code of web address (instead of the foreign language display), you need to do this in Firefox:

  • Type “about:config” without the quotes into a Firefox web address bar
  • In the “search:” box type “punycode,” and you should see one or two options like this:
  • Double-click on the “network.IDN_show_punycode” to ensure that it is set to “true”.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

FREE: Top 10 Things You Must Do to Avoid Getting Hacked

Subscribe to our Cybersecurity News, Insights & Updates to get this FREE guide on how to avoid getting hacked!

* indicates required