Slashdot Mirror

← Back to Stories (view on slashdot.org)

Scammers Abuse Multilingual Domain Names (bbc.com)

Posted by msmash on from the beware dept.

Cyber-criminals are abusing multilingual character sets to trick people into visiting phishing websites. BBC: The non-English characters allow scammers to create "lookalike" sites with domain names almost indistinguishable from legitimate ones. Farsight Security found scam sites posing as banks, loan advisers and children's brands Lego and Haribo. Smartphone users are at greater risk as small screens make lookalikes even harder to spot. The Farsight Security report looked at more than 100 million domain names that use non-English character sets -- introduced to make the net more familiar and usable for non-English speaking nations -- and found about 27% of them had been created by scammers. It also uncovered more than 8,000 separate characters that could be abused to confuse people.

Farsight founder Paul Vixie, who wrote much of the software underpinning the net's domain names told the BBC: "Any lower case letter can be represented by as many as 40 different variations."

6 of 129 comments (clear)

  1. Unicode is a mess by Anonymous Coward · · Score: 5, Insightful

    Saw this coming years ago. Unicode assignment is a god awful mess, made worst now that nearly every single noun has an emoji version. Pity that we're probably stuck with it until the end of humanity.

  2. Don't be stupid. by Anonymous Coward · · Score: 4, Insightful

    Safe use of the Internet requires digital "street smarts."

    One should not need to be told that it is unsafe to click links in emails, or that virus scanners don't alert you via popups on a web page. Understanding of the basics of how these things work make it obvious, and make safe browsing practices just as obvious.

    The industry has bent over backwards to grant access to swarms of people too stupid to be safe online.

    So, the scammers take them for all they are worth.

    Personally, I consider stupidity to be a vice (and largely a choice), so I don't have much sympathy for people who fall for this sort of thing.

  3. Unicode doesn't belong in a URL... by ELCouz · · Score: 3, Insightful

    Seriously...what they where thinking?!?!

    1. Re:Unicode doesn't belong in a URL... by darkain · · Score: 5, Insightful

      They were thinking that not the entire world is English speaking.

  4. Re:Farsight Security by BronsCon · · Score: 4, Insightful

    Look more closely...

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  5. Dear browser makers by viperidaenz · · Score: 4, Insightful

    Give an option to disable the display of IDN's. Instead display the "Punycode" translation of the name.
    Better yet, default that for English and any other language that doesn't require non-ascii characters.