The claim: Hackers use visually similar characters to deceive people in online phishing schemes
Online attackers bent on stealing personal information are using a visual deception to trick people into visiting malicious websites, a post circulating on social media claims.
The April 20 Facebook post shows two web addresses that, at first glance, appear identical. A closer look, though, shows that one character – in this case, the letter “a” – is slightly different in each one.
“An average internet user can easily fall for this,” the post reads. “Be careful for every mail requiring you to click on a link.”
The post has been shared hundreds of times on Facebook.
The claim appears to be true. Credible sources dating back to the early 2000s give a similar warning against this kind of “spoof” of the website a user intends to visit. Similar exploits have emerged recently as well.
The user who shared the post could not be reached for comment.
How does the attack work?
The attack is a form of “spoofing,” in which someone poses as a legitimate institution in an attempt to obtain personal information.
“Most people by now have gotten a little bit suspicious. … The idea is how can they trick you into thinking you know who it is or what it is when it isn’t,” said Stuart Madnick, founding director of Cybersecurity at MIT Sloan.
In this instance, it exploits the visual similarities between characters in the Roman alphabet used in the English language and the…
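An added example, not part of the original article: a defensive check that flags hostnames whose labels mix characters from more than one script and shows the ASCII (punycode) form that is actually sent to DNS. The sample hostnames are constructed, the Cyrillic "а" is an assumed look-alike character, the function names are hypothetical, and deriving a script from the Unicode character name is an approximation.

```python
import unicodedata

# Constructed samples: the second hostname swaps Latin "a" for Cyrillic U+0430.
LEGIT = "example.com"
LOOKALIKE = "ex\u0430mple.com"

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else None  # digits and hyphen are script-neutral
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def inspect_hostname(hostname):
    """Return one finding per label: scripts seen, ASCII (punycode) form, verdict."""
    findings = []
    for label in hostname.lower().split("."):
        scripts = {s for s in map(script_of, label) if s}
        try:
            ascii_form = label.encode("idna").decode("ascii")
        except UnicodeError:
            ascii_form = None  # label is not a valid internationalized name
        if len(scripts) > 1:
            verdict = "mixed-script"   # e.g. Latin letters plus one Cyrillic letter
        elif scripts - {"LATIN"}:
            verdict = "non-latin"      # single non-Latin script: needs human review
        else:
            verdict = "latin-only"
        findings.append({"label": label, "scripts": sorted(scripts),
                         "ascii": ascii_form, "verdict": verdict})
    return findings

def is_suspicious(hostname):
    """True when any label mixes scripts, the pattern the look-alike link relies on."""
    return any(f["verdict"] == "mixed-script" for f in inspect_hostname(hostname))

if __name__ == "__main__":
    for host in (LEGIT, LOOKALIKE):
        print(repr(host), "suspicious:", is_suspicious(host))
        for f in inspect_hostname(host):
            print("   ", f)
```

A label written entirely in one non-Latin script is reported as "non-latin" rather than flagged, so this check alone does not catch a look-alike built from a single foreign script.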