Your IT Consultant

Another Lesson in Phishing Attacks

September 8, 2021

The cyber world is a dangerous place. It’s a constant battle of how to defend yourself against ever changing methods of attack. Ars Technica posts about an increase of a phishing attack using specially crafted email addresses. It is no longer sufficient to pay close attention to the email address of the sender. An increased usage of an old technique uses a different alphabet for some letters in the domain name. The post has an example of an email address of someone@arstechnіca.com. The i in the domain name is actually a Cyrillic symbol. If you cut and paste the domain name of arstechnіca.com from the example and dumped it into a modern browser, the resulting domain would be xn--arstechnca-42i.com. Certainly not what you would expect it to be.

Unlike how browsers deal with these types of domains, apparently Outlook doesn’t properly decode the information. Bad news. As a result, Outlook will retrieve the contact information from your address book using the information as displayed and not the real decoded version. In other words, you can’t trust what your eyes see. Yet again, another reason to be particularly diligent in reviewing any links in a phishing email, especially a sender’s address. Perhaps we should go back to letters and stamps.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com