Beware of funny characters

(This one was suggested by a reader. Thanks, Chris!)

No, not clowns. I mean actual characters, like letters. For quite a few years, scammers have been using a technique that takes advantage of the Internet’s internationality: the different languages we use all over the world and the ways we write them. Many of those languages use the Cyrillic alphabet. Scammers use characters from these different character sets in a website address to spoof a domain name.

Cyrillic Alphabet

The Cyrillic alphabet is used mainly by Slavic-speaking countries. It is used in over 50 languages, including Russian, Bulgarian, Ukrainian, and Serbian. If you look at the table below, you will see a few similarities to our alphabet (the Latin or Roman alphabet). A few characters stand out. The following Cyrillic letters have look-alikes in the Latin alphabet, though some are displayed differently; look at the lower-case equivalents. In Cyrillic: Аа Вв Ее Мм Нн Оо Рр Сс Тт. The corresponding Latin letters are Aa Bb Ee Mm Hh Oo Pp Cc Tt.

How Scammers Use This Difference

Scammers exploit this difference because the rules of the Internet allow them to: internationalized domain names are permitted, and web browsers read and display them. Malicious use of this feature is called a homograph attack. This technique has been used for almost as long as the Internet has been around.

Scammers substitute a Cyrillic letter for the Latin letter we expect to see.

For example, www.gmail.com would be www.gмail.com. These would not be the same destination; the latter would be used for malicious purposes.

Other examples of this would be www.aмazon.ca or нoмedepoт.ca.

At first glance, they look right, but we know something is off. The Cyrillic A is a bit harder to tell in the examples below. It is an alternative way of writing the letter a as α. This is much harder to catch.

How To Protect Yourself

You can protect yourself by manually typing the address in your web browser’s address bar. Another option is to use a known safe bookmark.
Also, make sure your browser is up to date; this is just good practice.
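If you want to check a link before trusting it, the script below (an added example, not part of the original article) reports every part of a hostname that contains non-Latin letters, which alphabets it mixes, and the ASCII "xn--" form that is actually looked up in DNS. The function names and the sample hostnames are constructed for illustration, with the look-alike letters written as explicit Unicode escapes.

```python
import unicodedata


def label_scripts(label):
    """Return the alphabets used by the letters in one hostname label.

    The script is taken from the first word of each letter's Unicode
    name, e.g. "CYRILLIC SMALL LETTER EM" -> "CYRILLIC".
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def inspect_host(host):
    """Report each label of a hostname that contains non-ASCII characters."""
    findings = []
    for label in host.lower().split("."):
        if label.isascii():
            continue  # plain Latin/digit labels need no further checks
        scripts = label_scripts(label)
        findings.append({
            "label": label,
            "scripts": sorted(scripts),
            # Latin mixed with another alphabet in one label is the
            # classic homograph pattern described in the article.
            "mixed": len(scripts) > 1,
            # The ASCII ("punycode") form that DNS actually resolves.
            "ascii": label.encode("idna").decode("ascii"),
            "non_ascii": [(ch, "U+%04X" % ord(ch), unicodedata.name(ch, "UNKNOWN"))
                          for ch in label if not ch.isascii()],
        })
    return findings


if __name__ == "__main__":
    # Constructed samples: U+043C, U+043D and U+0442 are Cyrillic letters.
    samples = ["www.gmail.com",
               "www.g\u043cail.com",
               "\u043do\u043cedepo\u0442.ca"]
    for host in samples:
        results = inspect_host(host)
        if not results:
            print(host, "-> ASCII only")
        for f in results:
            flag = "MIXED SCRIPTS" if f["mixed"] else "non-ASCII"
            print(host, "->", flag, f["scripts"], "DNS form:", f["ascii"])
            for ch, code, name in f["non_ascii"]:
                print("   ", ch, code, name)
```

A label written entirely in one non-Latin alphabet is still reported, just without the mixed-script flag, since an all-Cyrillic look-alike can also imitate a Latin name.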

Have you ever seen this being used? Did you catch it? Let us know in the comments below. Have an idea for an article? Reach out to us and let us know on the About Page.
