🎣 Phishing Attack Alert

Hackers use lookalike domains to trick users into clicking fake links. Sometimes a single letter is swapped with a similar-looking character from another alphabet, almost impossible to spot at first glance. These phishing sites are designed to steal logins, banking details, and sensitive information.

👉 How to protect yourself:
~ Double-check URLs before clicking
~ Don’t log in through links in emails or texts
~ Bookmark official websites for safe access

Phishing attacks succeed because the differences are tiny but dangerous. Stay alert before you click.

#CyberSecurity #Phishing #CyberCrime #OnlineScams #CyberAwareness #DataProtection #InfoSec #StaySafeOnline #HackerCombat
ooohhh that's a good one. Security teams would be flooded doing phishing tests on this.
These homograph attacks are getting scary good. When xn--citibnk-6fg.com looks exactly like citibank.com, even security pros get tricked. Sure, “check the URL” is good advice, but let’s be real: human eyes can’t catch every character swap. That’s why browser-level protection like Keep Aware is critical, it spots the encoding in real time. And here’s the bigger danger: those stolen creds don’t just open accounts… they open the door for ransomware. That’s where UpSight Security Inc. steps in. We don’t wait for encryption, we predict and stop ransomware before it starts. Browser protection + predictive defense = real layered security.
If I'm not mistaken, this attack is an IDN Homograph Attack. This type of system allows domain names to use characters from various languages, not just the basic Latin alphabet.
I do not click on embedded URLs regarding personal stuff
Classic example of a homograph attack. Attackers use characters from other alphabets to create lookalike domains that fool even careful users. Awareness and technical controls like browser warnings and email filters are critical to stop these.
It is categorically unrealistic to expect users to exhibit this level of diligence and skepticism. Imagine if we told shoppers "make sure you don't buy any of the fake poison food in the store". It is up to technologists to make these systems safe for use, regardless of how tenacious or (honestly not even very) clever are the Bad Guys. I mean it's nice to inform them, we still have to do that. But protecting themselves from what are absolutely 100% failures of technology is not a realistic request to make of (literally) every single user on the internet.
I think about the Seniors when I see posts like this.
Thanks for sharing this information.
Cyrillic didn’t work anymore. It gets translated into these weird strings in the URL.
As a security professional, what, and how, would you suggest a general user (or org of users) detect and/or avoid this type of a situation? Specifically in an ex similar to citibank where there is only one "a."
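The "weird strings" and the detection question raised in this thread can be handled mechanically. The following is an added example, not part of any post or comment here: a Python sketch that decodes `xn--` (Punycode) labels and flags labels mixing Latin letters with Cyrillic or Greek ones. The function names and the Unicode-name script heuristic are assumptions of this example, and every hostname other than the one quoted in the thread is constructed.

```python
import unicodedata

# Assumption of this sketch: scripts whose letters are most often confused with Latin.
LOOKALIKE_SCRIPTS = {"CYRILLIC", "GREEK"}

def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label ('xn--' labels are Punycode)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:  # UnicodeError subclasses ValueError
            return label    # malformed ACE label: leave it undecoded
    return label

def scripts_in(text: str) -> set:
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def check_hostname(host: str) -> dict:
    """Decode every label; flag labels that mix Latin with a lookalike script."""
    decoded, flagged = [], []
    for label in host.rstrip(".").split("."):
        uni = decode_label(label)
        decoded.append(uni)
        scripts = scripts_in(uni)
        if "LATIN" in scripts and scripts & LOOKALIKE_SCRIPTS:
            flagged.append((label, sorted(scripts)))
    return {"host": host, "unicode": ".".join(decoded),
            "suspicious": bool(flagged), "mixed_labels": flagged}

if __name__ == "__main__":
    # First two hosts appear in the thread; the third is a constructed benign IDN.
    for h in ["citibank.com", "xn--citibnk-6fg.com", "xn--mnchen-3ya.de"]:
        r = check_hostname(h)
        print(h, "->", r["unicode"].encode("unicode_escape").decode(), r["mixed_labels"])
```

A label written entirely in one non-Latin script passes this check, so a mail gateway or proxy rule built on it still needs a comparison against the organisation's own brand names.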