Punycode continues to be the bad guys’ best friend

These domains look a lot like banks’ official domains.

Image of a computer and cup of coffee with the word "IDNs" overlayed on a green bar

Krebs on Security today published a story about how a financial cybercrime group is using Punycode domains to trick internet users into thinking they’re visiting banks’ websites.

Punycode is what enables internationalized domain names (IDNs). While it’s great for making it easier for people who use non-Latin scripts to access the internet, it also makes it easier for crooks to trick people.

The group calling itself the Disneyland Team (obviously not associated with Disney) is using domains like ạmeriprisẹ[.]com to dupe victims. As Brian Krebs notes:

Look carefully, and you’ll notice small dots beneath the “a” and the second “e”. You could be forgiven if you mistook one or both of those dots for a spec of dust on your computer screen or mobile device.

Disneyland Team is using Punycode domains to impersonate Chase, KeyBank, Schwab, TDBank and others.

Most modern browsers convert these domains into the format xn-.


Post link: Punycode continues to be the bad guys’ best friend

© DomainNameWire.com 2022. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Back to top button