As more people get wiser at detecting phishing attempts by looking at the web address bar, hackers have found a new way to fool people.
The best way to explain this new phishing trick is to use an example.
“bibox.com” is the web domain of a legitimate business. Hackers, however, reserved a different web domain: “bỉbox.com”. Do you notice the difference between “bibox.com” and “bỉbox.com”?
The visual difference is very subtle. In the second web domain, the second letter is NOT the letter “i”. It is actually a Vietnamese character. On small screens, it is extremely easy to miss the difference. So, basically, hackers are exploiting the fact that some foreign-language characters look extremely similar to letters of the standard Roman alphabet.
So, how do you protect yourself?
At the time of writing, only Firefox will display the hacker’s web domain as “bỉbox.com” in the web address bar. Chrome, Safari and Edge, however, will not render the foreign-language characters. They will display the web domain as “xn--bbox-vw5a[.]com” (technically called the “punycode” display).
To force Firefox to always display the punycode form of a web address (instead of the foreign-language display), you need to do this in Firefox:
- Type “about:config” without the quotes into a Firefox web address bar.
- In the “search:” box type “punycode”, and you should see one or two options like this:
- Double-click on “network.IDN_show_punycode” to ensure that it is set to “true”.
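
The same check can be scripted for links arriving in mail or chat. The following is an added example, not part of the original article: it converts a host name to the punycode form the browsers show and flags it when stripping the accents yields a domain from a known list. The `KNOWN_DOMAINS` list and all function names are assumptions made for illustration.

```python
import unicodedata

# Assumption: constructed allowlist of domains the user really deals with.
KNOWN_DOMAINS = {"bibox.com"}


def to_unicode(host: str) -> str:
    """Decode any xn-- labels so both spellings of a host are checked alike."""
    host = host.strip().lower()
    return host.encode("ascii").decode("idna") if host.isascii() else host


def to_punycode(host: str) -> str:
    """ASCII ("xn--") form, as Chrome, Safari and Edge show it."""
    return to_unicode(host).encode("idna").decode("ascii")


def skeleton(host: str) -> str:
    """Strip accents: decompose (NFKD), then drop the combining marks.

    Only catches accented Latin lookalikes such as the one in this article;
    look-alike letters from other scripts need a confusables table.
    """
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def check_host(host: str) -> dict:
    uni = to_unicode(host)
    is_idn = not uni.isascii()
    base = skeleton(uni)
    return {
        "unicode": uni,
        "punycode": to_punycode(uni),
        "is_idn": is_idn,
        "lookalike_of": base if is_idn and base in KNOWN_DOMAINS else None,
    }


if __name__ == "__main__":
    spoof = "b\u1ec9box.com"  # the article's example; U+1EC9 replaces "i"
    for h in ("bibox.com", spoof, to_punycode(spoof)):
        print(h, "->", check_host(h))
```

A non-empty `lookalike_of` means the host is not the known domain but collapses to it once accents are removed, whichever form (Unicode or punycode) it arrived in.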