Hackers have increasingly complex and creative strategies to try to trick us. And one of them is using visually similar characters to trick people into online phishing schemes. Hackers who base their strategies on stealing personal information are using a visual trick to trick people into visiting malicious websites.
The method is simple: you change a letter “a” of the Latin alphabet for a “α” from the Cyrillic alphabet which, at first glance, seem identical. However, because they are different, they lead to another website and that is where the scam begins. So, when we receive a malicious email with a link that we think we recognize, such as the website of a bank or government agency, we click on it thinking it is “official,” but it takes us to a page that downloads the file containing our data: personal information, passwords, etc.
The attack is a form of “phishing,” where someone impersonates a legitimate institution in an attempt to obtain personal information. Other times, no files are downloaded, but the user is asked for personal or financial information while on the malicious site. The scam is known as punycode and frequently uses the Cyrillic alphabetbut there have also been cases of similar scams using other alphabets/characters such as Greek, Thai, Chinese, Japanese, etc.
There are several characteristics that reveal this type of deception. For example, if we receive the message and copy it into a browser, The fake website will not read like an official website URL. On most devices, the address does not appear as a hyperlink, but only as plain text (in black), not as clickable hyperlink text (in blue).
To check whether the link provided is real or fake, it is advisable write the website address ourselves instead of copying or access the website from the link provided. It is also advisable to use a reliable browser and update it regularly.