Alert! New trap mimics legitimate domains in phishing attacks

[OyaYansa]

Phishing continues to be one of the main security threats and cybercriminals are constantly looking for new formulas to trick users, with the aim of stealing their personal and financial data, installing malware or other malicious purposes.

The use of false domain names similar to legitimate ones is a strategy that criminals often use in their phishing campaigns. This is the case of typosquatting, a technique that takes advantage of typographical errors of victims, or combosquatting, which is based on the use of domain names similar to those of legitimate pages so that victims do not realize they are accessing to a fake site.

Another dangerous strategy we have seen in recent months is based on the replacement of certain characters by Unicode signs that are visually almost identical, which allows attackers to register false domains that can deceive anyone, as we could see in the case of this trap that uses Cyrillic characters to impersonate legitimate addresses of banks and companies.

The new technique that criminals are using follows this line, but in this case it is based on the use of an almost imperceptible lower diacritic point that appears under vowels and consonants, both uppercase and lowercase. What the attackers do is register false domains using these characters, so that at first glance they are practically identical to the ones they want to impersonate.

It's the strategy they've used, for example, to create a fake page that mimics the po[CENSORED]r Exchange Binance. This has been reported by users on Reddit, who warn that a phishing campaign is circulating that replaces the "n" of the legitimate domain by "ṇ" with a lower diacritic point.

To avoid being a victim of such attacks, check carefully the addresses you visit, especially if they have arrived by email, and try to write the URL by hand without mistakes or typographical errors.