Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Homograph Phishing Attack Emerges Again

A conventional phishing method is hitting the news even as it potentially dupes certain Web-surfers irrespective of the number of times they examine one particular web-address for typos.


This is how phishing works: Someone dispatches an e-mail to many people asking for downloading a given attachment or clicking an embedded web-link. The phisher dispatches the web-link while surfing on certain URL which has some clever typo like having yhaoo.com rather than the actual yahoo.com. However, in the aforementioned phishing method known as homograph attack, the phisher dispatches one electronic mail while being on a URL, which appears almost same as the actual URL, substituting a few of the characters by likewise ones out of remaining alphabets.


Now, in spite of seeing all the safe signals on the screen, a Web-surfer can be phished. For e.g. an e-mail recipient follows a given web-link to land on https://appe.com when his Web-browser displays the padlock symbol colored green, indicating the website is secure as also the word "Secure" comes up beside the symbol giving additional reassurance.


The reason why he's still phished is because the URL might appear to read "apple," however, those characters are Cyrillic as A, Er, Er, Palochka, le. Actually the real certification confirming security appears; however, it merely substantiates about the user connecting safely to the URL but doesn't substantiate if the URL has connected with an authentic website. Theguardian.com posted this, April 19, 2017.


The problem can happen on most browsers like Chrome, Firefox or many not so popular browsers although not on Internet Explorer or Safari. And while the usual Web-addresses apparently can't just be recognized differently from the harmful URLs, it's yet relatively easy to stay away from the problem.


Thus for an incoming e-mail that the recipient isn't sure of, while it directs him to follow certain web-link, he shouldn't click on that web-link. Instead, he should type it inside any search engine or address bar of a browser. That's sure to land him on the actual genuine site. Effectively, with one password manager, an Internaut can spot phishing assaults prior to clicking any web-links.

» SPAMfighter News - 4/25/2017

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page