Phishing tricks to watch for: Cyrillic characters replacing Latin characters

It’s apparently an old warning, but a message cautioning people to be alert to a particular phishing technique is doing the rounds on social media again, so we think it’s worth pointing out.

A screenshot is circulating on both Twitter and LinkedIn at the moment, warning people to watch out for the transposition of Cyrillic letters with similar ones from the Latin alphabet. The examples given are quite striking, too.

“Spot the difference,” the warning read. “maybank2u.com is not the same as maybank2u.com.”

And while they are technically the same, the first “a” in the second sample is actually the Cyrillic letter “a”. In other words, it’s a scam site pretending to be a legitimate one by using a letter from a different alphabet that merely looks like the Latin character.

============

The original warning traces back to a 2021 warning circulated by the Irish Gardaí.

“An average internet user can easily fall for this. Be careful for every mail requiring you to click on a link,” the Gardai warning said at the time.

This is actually known as an internationalised domain name (IDN) homograph attack, or script spoofing. The earliest known use of such a technique dates back to 2011, when a still unknown individual registered a domain name that was homographic of a well-known US television site. The mysterious hacker’s only motive was to create a fake site to spread a bizarre rumour about the state of Idaho banning — of all things — Justin Bieber’s music.

The more you know.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.