You may be wondering what homoglyphs and Unicodes are. Homoglyphs are letters or characters that look similar. For example, the character “e” looks similar to the character “ė”. Unicode is a unique code assigned to characters so that any platform or program can understand them. For example, the Unicode for “e” is U+0065, and the Unicode for “ė” is U+0117. Now, cybercriminals are taking advantage of homoglyphs and Unicodes in phishing emails to imitate legitimate organizations.
In a recent scam, cybercriminals send you an email that uses homoglyphs and Unicode to offer you a fake promotion. The email includes a link to log in to receive your promotion. For example, to make the email look more legitimate, cybercriminals could send the email using “N□ėt□fli□ⅹ.com” as the sender. The □ symbol indicates a Unicode character that is not supported in your internet browser, but your browser will automatically omit these unsupported characters when displaying text. In this example, the sender’s email address would display as “Nėtfliⅹ.com”. If you don’t notice the spoofed domain and enter your login credentials, cybercriminals can access your account and steal your sensitive information.
Follow the tips below to stay safe from homoglyph and Unicode scams:
- Even if the sender’s email address appears to be from a trusted domain, the email could be fake. This technique can be used to impersonate any organization, brand, or even a person.
- When you receive an email, stop and look for red flags. For example, watch out for text with odd spacing or characters that look strange.
Never click a link in an email that you aren’t expecting. If the email claims that you need to log in to your account, log in to the organization’s website directly to verify any offers or promotions.
Stop, Look, and Think. Don’t be fooled.
Protect your network! Learn more about security awareness training for your team.