http://mashable.com/2010/01/01/idn-phishing
"The Times Online article uses PayPal — already a frequent phishing target — as an example.
If the domain, created using Cyrillic scripts “raural.com” was registered, the way that Unicode-browsers will actually render that domain in Latin is as “paypal.com.” In theory, phishers could pass around that link and set up a fake version of the PayPal site to harvest logins and credit card data.
I’ve made this graphic for even better illustration:

Pretty scary, no? As of right now, ICANN hasn’t instituted any policies of trying to protect these kinds of situations, meaning it might be that much more difficult for even normally cautious users to avoid being scammed. Of course, a certain amount of the success of these scams is determined by how well different mail and browsing programs handle Unicode. However, most modern browsers and operating systems have strong Unicode support, which makes deciphering the differences that much more difficult.
"
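A defensive check for the lookalike described in the quote, added here as an example (it is not from the Mashable article): it flags domain labels that mix scripts and shows the ASCII ("xn--") form that reveals the difference. The function names and sample domains are constructed for illustration, and the script is approximated from each character's Unicode name, which is a heuristic.

```python
import unicodedata

def label_scripts(label):
    """Approximate the scripts used in one DNS label."""
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphen are shared by all scripts
        # Heuristic: the first word of the Unicode name is the script,
        # e.g. "CYRILLIC SMALL LETTER ER" -> "CYRILLIC".
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def classify_domain(domain):
    """Return (verdict, ascii_form, scripts_per_label) for a domain name."""
    labels = domain.lower().split(".")
    per_label = [label_scripts(label) for label in labels]
    try:
        # Python's built-in IDNA codec yields the "xn--" wire form.
        ascii_form = domain.lower().encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None  # not encodable as a valid IDNA name
    if any(len(s) > 1 for s in per_label):
        verdict = "mixed-script"   # e.g. Cyrillic and Latin in one label
    elif any(s and s != {"LATIN"} for s in per_label):
        verdict = "non-latin"      # one script, but not Latin: review it
    else:
        verdict = "latin-only"
    return verdict, ascii_form, per_label

# Constructed samples: Cyrillic er, a, u, er, a followed by a Latin "l".
SPOOF = "\u0440\u0430\u0443\u0440\u0430l.com"
SAMPLES = [SPOOF, "paypal.com", "\u0440\u0430\u0443.com"]

if __name__ == "__main__":
    for name in SAMPLES:
        verdict, ascii_form, scripts = classify_domain(name)
        print(f"{name!r:45} {verdict:13} {ascii_form}")
```

A mail gateway or link scanner can apply the same test to every hostname it extracts and display the ASCII form whenever the verdict is not `latin-only`.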