Person with mask holding laptop computer

As more people get wiser at detecting phishing attempts by looking at the web address bar, hackers have found a new way to fool people.

The best way to explain this new phishing trick is to use an example.

“bibox.com” is the web domain of a legitimate business. Hackers, however, reserved a different web domain: “bỉbox.com”. Do you notice the difference between “bibox.com” and “bỉbox.com”?

The visual difference very subtle. In the second web domain, the second letter is NOT the letter “i”. It is actually a Vietnamese character. In small screens, it is extremely easy to miss the difference. So, basically, hackers are exploiting the fact that some foreign language characters look extremely similar to standard Roman alphabets.

So, how do you protect yourself?

At the time of writing, only Firefox will display the hacker’s web domain as “bỉbox.com” in the web address bar. However, Chrome, Safari and Edge will not display it according to the foreign language display. They will display the web domain as: “xn--bbox-vw5a[.]com” (technically called the “punycode” display).

To force Firefox to always display the puny code of web address (instead of the foreign language display), you need to do this in Firefox:

  • Type “about:config” without the quotes into a Firefox web address bar
  • In the “search:” box type “punycode,” and you should see one or two options like this:
  • Double-click on the “network.IDN_show_punycode” to ensure that it is set to “true”.

Hackers’ new way to phish you
Tagged on:         

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Are you a VERY CAREFUL person?

You need to be informed about hackers' latest tricks so that you will know what to do to protect yourself.

Subscribe NOW to ensure that you are taken care of!

* indicates required