@Palletack dude. If the email contents seemed legit I'd absolutely fall for this
@Palletack never open email links!!!!!
@Palletack well nobody should be banking with citibank anyway
@Palletack What's the [purpose | no scam use case] of allowing mixed character sets in URLs?
@virbonus One goes to the authentic company site...the other one doesn't.
@Palletack I understood that (as my post should show), and exactly therefore my question is: why are such constructs even allowed by the technical standard? What possible use is there besides tricks like that?
@virbonus I apologize, I misunderstood. One way I would try to help mitigate something like that is to purchase all domain names that use variations on the font. And because they are criminals, even if the font was banned it still wouldn't stop them from recreating it. I think there are also ways that they can piggyback off of the actual link to redirect to their scam site. I suppose the best way to stop criminals is to put them out of business...but they are always evolving. I hope this helps.
@virbonus @Palletack For people hosting websites who don't speak English. Or, whose audience doesn't speak English.

@virbonus @Palletack

If the URL contains mixed character sets, the browser will display the punycode version (punycode = the non-beautified version of the URL, using only simple ASCII characters).

For example, citibаnk.com is in fact displayed as https://xn--citibnk-6fg.com/ in my browser.

I agree that having a block at the URL registration level would be better, though. Maybe there are some use cases for mixed sets?

cf. "IDN Display Algorithm" on the Mozilla wiki, https://wiki.mozilla.org/IDN_Display_Algorithm
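The punycode fallback and the "is this label mixing scripts?" decision described in the reply above, as an added example that is not part of the thread. The script of each letter is inferred here from the first word of its Unicode character name, which is only an approximation of the Unicode Script property the Mozilla IDN Display Algorithm actually consults; the hostnames are constructed inputs.

```python
import unicodedata

# Added example, not from the thread. The script assignment is inferred from the
# first word of each character's Unicode name ("LATIN SMALL LETTER A" -> Latin),
# an approximation of the Unicode Script property real browsers use.


def to_punycode(host: str) -> str:
    """ASCII form of an IDN: every non-ASCII label becomes an xn-- label."""
    # Python's idna codec performs the IDNA2003 nameprep step plus punycode.
    return host.encode("idna").decode("ascii")


def from_punycode(host: str) -> str:
    """Inverse of to_punycode; ASCII-only labels pass through unchanged."""
    return host.encode("ascii").decode("idna")


def script_of(ch: str) -> str:
    """Rough script name for one character ('Latin', 'Cyrillic', 'Greek', ...)."""
    if not ch.isalpha():
        return "Common"  # digits, '-' and '.' belong to no script
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0].title() if name else "Unknown"


def label_scripts(label: str) -> set:
    """Set of scripts used by the letters of one DNS label."""
    return {script_of(c) for c in label} - {"Common"}


def is_mixed_script(host: str) -> bool:
    """True when any label combines letters from more than one script."""
    return any(len(label_scripts(lbl)) > 1 for lbl in host.split("."))


def display_form(host: str) -> str:
    """The display rule from the thread: mixed-script names are shown as punycode."""
    return to_punycode(host) if is_mixed_script(host) else host


if __name__ == "__main__":
    # Constructed inputs: plain ASCII, Latin with one Cyrillic 'а', and all-Cyrillic.
    for h in ["citibank.com", "citib\u0430nk.com",
              "\u043f\u0440\u0438\u043c\u0435\u0440.\u0440\u0444"]:
        scripts = [label_scripts(lbl) for lbl in h.split(".")]
        print(f"{h!r:24} scripts={scripts} shown as {display_form(h)}")
```

Note the limit of a pure script check: a name written with the Latin small letter alpha (ɑ, U+0251) is single-script Latin and would not be converted to punycode by this rule, which is the point raised later in the thread about that glyph.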

@Palletack If you use Outlook, an email will come in from, in this example, "Citibank", but if you click the surrounding area on the From tab in the mobile app, it will expand to show "[email protected]" or some random string.

How do these companies have a system that they allow to be abused so frequently?

@Palletack @GhostOnTheHalfShell So we're making AI that hallucinates rather than AI that can prevent these kinds of attacks.
@Palletack Actually, it looks more like a Greek alpha. Cyrillic letters are even worse, as many of them have a 100% identical shape to Latin letters:
aа eе oо рp cс хx yу
Can you spot which one is a Latin and which one is a Cyrillic letter? I can't.🙂
@Palletack
I don’t click links from emails. I open a new tab and enter the URL and look for notifications there.
@Palletack That's too good, I couldn't tell. Ugh
@Palletack I don't think only average users would fall for these. I'd like to consider myself above average and I would absolutely fall for this under the right circumstances.

@Palletack That looks like a Latin-script a¹ (ɑ), not the Cyrillic a (а), which would be even trickier for the users. Browsers probably should color-code which code block a character belongs to so it's apparent to the users.

¹ https://en.wikipedia.org/wiki/Latin_alpha


@Palletack, in case of doubt, position the cursor over the link (do not click on it) and the browser shows the complete URL, where it is easier to identify whether the site is legitimate. You can also right-click, copy the link and check it with one of these services, which should not be missing from your bookmarks.
https://www.urlvoid.com
https://scan.safetoopen.com
https://webbkoll.dataskydd.net/en
https://www.virustotal.com/gui/home/url
General website check
https://themarkup.org/blacklight
@Palletack YES! Thank you. My husband (tech dinosaur) refuses to even notice the url extension as I’ve warned. So much active scamming going on. And, no, UPS did not lose your address. (Get 3 of these a day!)
@Palletack Password managers with browser add-ons, or using the mobile system's autofill, can avoid the risk here as well. I recently got a really well made phishing mail claiming to come from my ISP, with a pretty similar URL and a 1:1 copy of the start/login page, but then wondered why the autofill didn't work...
@Palletack
The internet is such a magical place 
I've always thought it was a stupid idea to allow non-ASCII in domain names. That's just asking for trouble. I know, ASCII is too US-centric, but allowing literally everything in domain names is a really bad idea. At the very least, require a domain name to be in one single character set, rather than a mix. Hopefully that would prevent most or all abuses.
@Palletack in the banking industry in Chile, putting URLs in any kind of electronic communication —SMS, Whatsapp, email— is no longer allowed. Scams, malware and theft broke the medium.
I find it easier to just never click links from any email anymore.
@Palletack me: copying the url to check it out later

@Palletack
This image is misleading because it uses one of the rare fonts that actually renders Cyrillic & Latin letters differently.

Compare here: сitibаnk vs citibank.
Which is which?

@Palletack This is why I blocked domains containing Cyrillic characters in AdGuard Home. The same can also be done in PiHole.
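The confusable pairs quoted earlier in the thread (a/а, e/е, o/о, p/р, c/с, x/х, y/у, plus the Latin alpha ɑ and Greek α), the "сitibаnk vs citibank" comparison, and the idea of blocking look-alike names at the DNS resolver, as one added example that is not part of the thread. The confusables table is a deliberately tiny constructed subset of what Unicode TR39's confusables.txt provides; the protected-domain list, the dnsmasq/Pi-hole style query lines and their format are all assumptions made for the illustration.

```python
import re
import unicodedata
from typing import Iterable, List, Optional, Tuple

# Added example, not from the thread. Tiny constructed confusables table: the letter
# pairs quoted in the thread plus Latin alpha and Greek alpha. Unicode TR39's
# confusables.txt is the real source and is far larger.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0251": "a",  # LATIN SMALL LETTER ALPHA
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
}

# Constructed list of names to protect; a real deployment would load its own.
PROTECTED = ["citibank.com", "example.com"]


def to_unicode(host: str) -> str:
    """Decode xn-- labels so the check sees the same glyphs the user sees."""
    if host.isascii() and any(lbl.startswith("xn--") for lbl in host.lower().split(".")):
        return host.encode("ascii").decode("idna")
    return host


def skeleton(host: str) -> str:
    """Collapse look-alike letters onto their Latin target (simplified TR39 skeleton)."""
    text = unicodedata.normalize("NFKC", to_unicode(host).lower())
    return "".join(CONFUSABLES.get(c, c) for c in text)


def lookalike_of(host: str, protected: Iterable[str] = PROTECTED) -> Optional[str]:
    """Return the protected domain that `host` visually imitates, or None.

    The protected name itself is never reported as its own look-alike."""
    canon = to_unicode(host).lower()
    sk = skeleton(canon)
    for p in protected:
        if canon != p.lower() and sk == skeleton(p):
            return p
    return None


# Constructed dnsmasq/Pi-hole style query lines (assumed format, not real traffic).
SAMPLE_LOG = [
    "Jan 3 10:12:01 dnsmasq[812]: query[A] citibank.com from 192.168.1.20",
    "Jan 3 10:12:07 dnsmasq[812]: query[A] xn--citibnk-6fg.com from 192.168.1.20",
    "Jan 3 10:12:09 dnsmasq[812]: query[AAAA] mail.example.com from 192.168.1.31",
]

QUERY_RE = re.compile(r"query\[[A-Z]+\] (\S+) from (\S+)")


def scan_dns_log(lines: Iterable[str],
                 protected: Iterable[str] = PROTECTED) -> List[Tuple[str, str, str]]:
    """(client, queried name, imitated domain) for every look-alike query in the log."""
    protected = list(protected)
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        name, client = m.groups()
        target = lookalike_of(name, protected)
        if target:
            hits.append((client, name, target))
    return hits


if __name__ == "__main__":
    for h in ["citibank.com", "\u0441itib\u0430nk.com", "citib\u0251nk.com"]:
        print(f"{h!r:22} skeleton={skeleton(h)!r:16} imitates={lookalike_of(h)}")
    for client, name, target in scan_dns_log(SAMPLE_LOG):
        print(f"client {client} queried {name}, a look-alike of {target}")
```

Unlike a blanket "no Cyrillic" block, the skeleton comparison only fires for names that collapse onto something you actually protect, so a legitimate all-Cyrillic domain is left alone, and it also catches the Latin-alpha and Greek-alpha variants that a script-mixing rule misses. The query log is decoded from punycode before comparison because resolvers see the xn-- form, never the rendered glyphs.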
@Palletack I've known about IDN spoofing for so many years (funny that it is still Cyrillic, I thought Unicode gave more options) and I was thinking browsers would have added some protection or identification markers for this by now.
@Palletack Fortunately it will show as punycode in the address bar of most browsers.
@Palletack This is why IDN is still one of the worst ideas in Internet history, and not because we are short of candidates.

@Palletack

I've been using the internet and email for as long as it's been around and I was like, "What are they going on about?" Only after re-reading a few times did I see it. I must concede, I've never seen this before.

@Palletack this is actually my worst fear!
@Palletack
Most TLD providers disallow domain names that mix Cyrillic and Latin characters, though.
@dheadshot I guarantee that those are not on any of them.
@Palletack Mixed character set domains are prohibited now by some of the big registrars.
@Palletack Whoa. I'm in Malaysia from time to time. Thanks.