Imperceptible internet scam to trick Google Chrome users to visit dodgy websites returns

The attack exploits the fact that lots of different characters look identical

Aatif Sulleyman
Friday 21 April 2017 11:44 EDT
The scam was first reported back in 2001


People are being warned about an old phishing technique capable of duping even the most clued-up internet users.

Web developer Xudong Zheng recently created a fake version of apple.com, which appears to have the exact same URL as the iPhone-maker’s online store.

Most people would have no issue clicking on the link, which appears to be completely legitimate. However, its actual URL is: “xn--80ak6aa92e.com”.

There’s no malicious intent behind Mr Zheng’s fake apple.com, which simply contains a message reading, “Hey there! This may or may not be the site you are looking for! This site is obviously not affiliated with Apple, but rather a demonstration of a flaw in the way unicode domains are handled in browsers.”

Cyber criminals, though, can use the same technique to trick users into visiting infected websites.

It’s an old scam, known as an internationalised domain name (IDN) homograph attack, which was first reported back in 2001.

The attack exploits the fact that lots of different characters look the same, and sneakily replaces certain Latin characters with identical- or near-identical-looking characters from non-Latin alphabets, such as Cyrillic.

The URL for Mr Zheng’s fake Apple website uses a Cyrillic ‘a’, which is impossible to distinguish from the ASCII ‘a’. ASCII is an encoding standard for characters familiar to English readers, a hangover from the internet’s early days as a US creation.

However, potential scammers can register such look-alike names using Punycode, an encoding that translates characters from Unicode, a standard covering a much wider range of characters, into ASCII. The browser then decodes that ASCII form, which most internet users would never click on, and displays it as a URL that looks completely innocent.

Chrome 58, which was released this week, protects users from the issue. People using older versions of Google’s popular browser can still be affected, so it’s important to update.

The scam also works on Firefox, but not Safari or Internet Explorer.

Firefox users can protect themselves by typing about:config into the address bar and marking network.IDN_show_punycode as True. This will display IDN domains in their Punycode form.

Mr Zheng says concerned users can also take extra precautions by manually typing out URLs or navigating to sites via a search engine.
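The following Python script is an added example, not code from the article or from Mr Zheng. It shows both halves of what the article describes: converting a Unicode domain label into the Punycode (“xn--”) form that Firefox displays with network.IDN_show_punycode enabled, and a simplified defender-side check that flags labels mixing scripts or built from Cyrillic letters that imitate a protected Latin name. The confusable table is a small hand-built subset of the Unicode confusables data, and the check is a simplified illustration of the idea rather than Chrome 58's actual policy.

```python
import unicodedata
from typing import Optional, Set

# Constructed subset: Cyrillic lower-case letters whose glyphs are visually
# confusable with Latin letters. The real Unicode confusables table is larger.
CYRILLIC_CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u04bb": "h",  # CYRILLIC SMALL LETTER SHHA
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
}


def to_ace(domain: str) -> str:
    """Return the ASCII-compatible form of a domain: every non-ASCII label is
    RFC 3492 Punycode-encoded and prefixed with "xn--". This is the raw
    Punycode codec with no IDNA normalisation, which is enough for the
    lower-case labels used here."""
    out = []
    for label in domain.split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def scripts_of(label: str) -> Set[str]:
    """Collect the scripts present in a label, taken from the first word of each
    character's Unicode name (LATIN, CYRILLIC, GREEK, ...). ASCII digits and the
    hyphen are script-neutral and are skipped."""
    scripts = set()
    for ch in label:
        if ch.isascii() and not ch.isalpha():
            continue
        name = unicodedata.name(ch, "")
        scripts.add(name.split(" ")[0] if name else "UNKNOWN")
    return scripts


def skeleton(label: str) -> str:
    """Map confusable Cyrillic letters onto the Latin letters they imitate, so
    that a look-alike collapses onto the name it is imitating."""
    return "".join(CYRILLIC_CONFUSABLES.get(ch, ch) for ch in label)


def homograph_risk(domain: str, protected: Set[str]) -> Optional[str]:
    """Return a reason string when the domain mixes scripts within a label or
    collapses onto a protected name after confusable mapping; None otherwise."""
    labels = domain.lower().split(".")
    for label in labels:
        found = scripts_of(label)
        if len(found) > 1:
            return f"label {label!r} mixes scripts {sorted(found)}"
    collapsed = ".".join(skeleton(label) for label in labels)
    if collapsed != domain.lower() and collapsed in protected:
        return f"{to_ace(domain)} is a look-alike of {collapsed}"
    return None


if __name__ == "__main__":
    # Constructed inputs: the all-Cyrillic "apple" label from the demo, a
    # mixed-script "paypal" with one Cyrillic letter, and the genuine names.
    protected = {"apple.com", "paypal.com"}
    for candidate in ("apple.com",
                      "\u0430\u0440\u0440\u04cf\u0435.com",
                      "p\u0430ypal.com"):
        print(f"{candidate!r:32} -> {to_ace(candidate):24} "
              f"{homograph_risk(candidate, protected) or 'looks fine'}")
```

The all-Cyrillic label encodes to the same `xn--80ak6aa92e.com` the article quotes, which is why showing the Punycode form in the address bar defeats the trick: the encoded string is unmistakably not `apple.com`. The mixed-script rule catches the cruder variant in which only one letter is swapped, a case the skeleton comparison also handles.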
