Fraud in the truest sense of the word!
Monday, January 9, 2017
Everyone knows that you can enter a website URL using upper- or lowercase letters. It doesn't matter whether we enter drweb.com, Drweb.com or DrWeb.com in a browser’s address bar: the same website will open. But cybercriminals have even found a vulnerability there.
The truth is that we are used to company and product names being written with uppercase letters (Dr.Web, Google) and website names in lowercase letters (drweb, google).
Small capitals, or small caps (German: Kapitälchen; from Latin capitellum, "the head"), are uppercase (capital) characters set at the same height and weight as surrounding lowercase (small) letters or text figures.
Thus, fonts contain not only upper- and lowercase letters, but also uppercase letters that are the same size as lowercase ones!
Attackers were able to register a domain in which the first letter "g" of the legitimate domain name "Google" was replaced with "ɢ" (google.com → ɢoogle.com). According to the registration rules, small caps are allowed in domain names, and cybercriminals exploited that vulnerability.
According to experts, attackers used secret.ɢoogle.com to distribute referral spam, in particular, messages containing calls to vote for Donald Trump.
The Anti-virus Times recommends
It is important not only to check whether a link contains some variant of a legitimate Internet resource's name, but also to make sure that all the letters in the link are in the same case!
- Don't click on links; enter them manually. This is not easy, but it is effective. At first glance, the difference between drweb.com and ᴅrweb.com is not visible.
- Take advantage of Dr.Web Parental Control—only it can bar fraudulent websites.
- If Dr.Web Parental Control reports that the website you want to view is malicious, don’t hurry to add it to the white list; first check whether the URL is correct or enter the address manually.
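
The letter check recommended above can be automated. The following is an added example, not code from The Anti-virus Times or Dr.Web: it lists every non-ASCII character in a hostname by its Unicode name and shows the affected label in its `xn--` (Punycode) form. The function names are hypothetical, and `to_ascii` is a simplified conversion, not a full IDNA implementation.

```python
import unicodedata


def to_ascii(host):
    """Lowercase a hostname and rewrite non-ASCII labels in xn-- (Punycode) form.

    Simplified: real IDNA processing also normalises and validates labels.
    """
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)


def lookalike_chars(host):
    """Return (char, code point, Unicode name) for every non-ASCII character."""
    found = []
    for ch in host:
        if ch.isascii():
            continue
        name = unicodedata.name(ch, "UNNAMED")
        found.append((ch, "U+%04X" % ord(ch), name))
    return found


def check(host):
    """Return (ascii_form, findings); an empty findings list means plain ASCII."""
    return to_ascii(host), lookalike_chars(host)


# Hostnames taken from the article; the escapes make the small caps explicit:
# \u1d05 is the small-cap "D" and \u0262 is the small-cap "G".
SAMPLES = ["DrWeb.com", "drweb.com", "\u1d05rweb.com", "secret.\u0262oogle.com"]

if __name__ == "__main__":
    for host in SAMPLES:
        ascii_form, findings = check(host)
        verdict = "SUSPICIOUS" if findings else "ok"
        print(f"{verdict:10} {ascii_form}")
        for ch, codepoint, name in findings:
            print(f"{'':10} {codepoint} {name}")
```

DrWeb.com and drweb.com reduce to the same ASCII name, while the small-cap variants do not: they become different `xn--` names, and the Unicode name of the substituted character exposes the swap that the eye misses.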