Phishing Scam Alert

Cyber criminals are using more sophisticated techniques to try and get credit card information, passwords etc. from users. This bulletin will discuss one new phishing scam variant and what to do about it.

What is Phishing?

Phishing is the practice of sending fraudulent emails under the guise of representing a reputable company with intent to defraud the recipient.

What is this Variant?

There have long been phishing scams that try to trick users into clicking on links that initially appear to be valid but with one small difference. Examples would include an email providing a clickable link to gmial.com (the letter “i” and “a” have been inverted) or americannexpress.com (two letter ”n’s” in the middle). Cyber criminals are taking this type of attack to a whole new level by using characters from different alphabets. For example the Greek letter “O” and the Cyrillic letter “O” and indistinguishable but different characters. The user will not be able to tell words spelled with these various alphabets apart from those spelled with legitimate letters and sites. This type of attack is called an IDN homograph attack.

How to avoid it?

The best advice is if you receive an email you are not expecting containing a link that appears to be from a site you normally might use and log into, go directly to the site you use and do not use the link in the email. Obviously if the link is to somewhere you do not normally go, delete the email and move on.