unicode – Computer Security Articles

Something else is phishy: How to detect phishing attempts on mobile

December 10, 2018 admin 101, ad-networking phishing, homograph attacks, How-tos, https, iOS, Mobile, phishing, phishing apps, Punycode, smishing, Social Phishing, unicode, url padding, vishing

Credit to Author: Jovi Umawing| Date: Mon, 10 Dec 2018 15:00:56 +0000

Phishing is more problematic on smartphones than on desktops. Not only that, approaches to handling phishing attacks on mobile are quite different because their techniques are also different. So, how can users sniff out a mobile phish? Let us count the ways.

Categories:

Tags: ad-networking phishing homograph attacks HTTPS iOS Mobile phishing phishing apps Punycode smishing Social Phishing unicode url padding vishing

Independent Krebs

Look-Alike Domains and Visual Confusion

March 8, 2018 admin alex holden, Apple Safari, CA, CA Technologies, ca.com, Computer Associates, Google Chrome, Hold Security, IDN, internationalized domain names, Latest Warnings, look-alike domains, mozilla firefox, phishing, Punycode, skype, The Coming Storm, Twitter, unicode, Web Fraud 2.0, xn--80a7a.com

Credit to Author: BrianKrebs| Date: Thu, 08 Mar 2018 16:55:13 +0000

How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using. For example, how does your browser interpret the following domain? I’ll give you a hint: Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name: https://www.са.com/ Go ahead and click on the link above or cut-and-paste it into a browser address bar. If you’re using Google Chrome, Apple’s Safari, or some recent version of Microsoft’s Internet Explorer or Edge browsers, you should notice that the address converts to “xn--80a7a.com.” This is called “punycode,” and it allows browsers to render domains with non-Latin alphabets like Cyrillic and Ukrainian. Below is what it looks like in Edge on Windows 10; Google Chrome renders it much the same way. Notice what’s in the address bar (ignore the “fake site” and “Welcome to…” text, which was added as a courtesy by the person who registered this domain):

MalwareBytes Security

Phony WhatsApp used Unicode to slip under Google’s radar

November 8, 2017 admin Adware, App Store, Fake WhatsApp, Google Play, Security world, Social engineering, social media, unicode, WhatsApp

Credit to Author: Malwarebytes Labs| Date: Wed, 08 Nov 2017 17:13:12 +0000

After a troubling week for Google not so long ago, the company is under the spotlight once more for missing a phony Whatsapp that, after further investigation by several members of Reddit, was found laden with adware.

Categories:

Tags: adware App Store fake whatsapp Google Play social media unicode whatsapp