Infosec Island: When Is Apple.com Not Apple.com?

To get up to speed on the latest technique used by phishing site operators to present legitimate-but-fake (!) web sites, check out Cyren security researcher Magni Sigurdsson’s column in Infosec Island, which details how cybercriminals are exploiting a browser capability for representing non-Latin characters to make users think they really are at apple.com, or other trusted brands’ sites, and snagging their login credentials.

As Magni explains in the article, the weakness lies in how browsers handle Punycode, the ASCII encoding (labels prefixed with xn--) that lets internationalized domain names contain non-Latin characters, and it affects Google Chrome, Mozilla Firefox and Opera. Because the browser displays the decoded Unicode form in the address bar, a domain built from look-alike characters renders exactly like the brand's own domain. Such pages can be very hard to identify as fakes without carefully inspecting the site's URL (for instance by viewing it in its xn-- form) or checking the SSL certificate. One caveat there: the padlock alone proves nothing, because the attacker can obtain a valid certificate for the look-alike domain; it is the name inside the certificate that has to be read. Google addressed the display issue in Chrome 58, and Firefox users can set network.IDN_show_punycode to true in about:config so that such names are shown in their Punycode form.

By substituting, for example, a Cyrillic “а” for the Latin “a”, the attacker can make the address bar appear to show paypal.com, a name that is only genuinely spelled that way with letters from the Roman alphabet. Enjoy Magni’s analysis!

[Image: the look-alike domain “paypḁl.com”, which has already been blocked by Google.]
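As an added example (not part of the original post or of Magni's column), here is a small Python script that does what a defender reviewing URLs or proxy logs would want: it converts a host name between the Unicode form a browser shows and the xn-- Punycode form a resolver sees, and it flags names that render like a watchlisted brand. It goes beyond the post's Cyrillic-a case: the skeleton check also catches the diacritic variant (ḁ) pictured above and the whole-script Cyrillic spelling of apple.com, which a mixed-script check alone would miss. The confusables table and the brand watchlist are assumptions constructed for the example, and the sample hosts are constructed inputs.

```python
import unicodedata

# Hand-picked subset of Unicode's confusables list: non-Latin letters that render
# like Latin ones in most fonts (assumption: illustrative, not exhaustive).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
    "\u0455": "s", "\u04bb": "h",                                # Cyrillic
    "\u03b1": "a", "\u03bf": "o", "\u03bd": "v", "\u03c1": "p",  # Greek
}

# Hypothetical brand watchlist; a real deployment would load its own.
WATCHLIST = {"apple.com", "paypal.com"}


def to_punycode(host: str) -> str:
    """Return the ASCII form a resolver sees: every label containing non-ASCII
    is Punycode-encoded (RFC 3492) and prefixed with xn--."""
    out = []
    for label in host.lower().split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def from_punycode(host: str) -> str:
    """Inverse of to_punycode: the Unicode form a browser would display."""
    return ".".join(
        label[4:].encode("ascii").decode("punycode") if label.startswith("xn--") else label
        for label in host.lower().split(".")
    )


def label_scripts(label: str) -> set:
    """Scripts of the letters in one label, read off the Unicode character names
    (LATIN, CYRILLIC, GREEK, ...). Digits and hyphens are ignored."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}


def skeleton(host: str) -> str:
    """Reduce a host name to what the eye sees: strip diacritics (so ḁ -> a) and
    map confusable non-Latin letters to their Latin look-alikes (so Cyrillic а -> a)."""
    decomposed = unicodedata.normalize("NFKD", host.lower())
    stripped = (c for c in decomposed if unicodedata.category(c) != "Mn")
    return "".join(CONFUSABLES.get(c, c) for c in stripped)


def assess(host: str) -> dict:
    """Flag a host (given in Unicode or xn-- form) that looks like a watchlisted brand."""
    shown = from_punycode(host)          # what the address bar renders
    ascii_form = to_punycode(shown)      # what DNS actually resolves
    look_alike = skeleton(shown)
    reasons = []
    if ascii_form != shown:              # plain ASCII hosts cannot be homographs
        if look_alike in WATCHLIST:
            reasons.append("renders like watchlisted brand " + look_alike)
        if any(len(label_scripts(part)) > 1 for part in shown.split(".")):
            reasons.append("mixes scripts within one label")
    return {"shown": shown, "ascii": ascii_form, "skeleton": look_alike,
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    # Constructed inputs: an all-Cyrillic look-alike of apple.com, a mixed-script
    # paypal look-alike, the diacritic variant from the post, a legitimate IDN
    # and the genuine brand domain.
    for h in ["\u0430\u0440\u0440\u04cf\u0435.com", "p\u0430yp\u0430l.com",
              "payp\u1e01l.com", "m\u00fcnchen.de", "paypal.com"]:
        print(assess(h))
```

The skeleton comparison is deliberately applied only when the Unicode and ASCII forms differ, so a genuine IDN such as münchen.de that resembles no watchlisted brand is left alone, while the all-Cyrillic apple.com look-alike (xn--80ak6aa92e.com) is caught even though every letter in it comes from a single script.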