Microsoft recently announced legal action against domains that impersonate the brand using homoglyphs. A homoglyph is a letter or character that closely resembles another letter or character. Cybercriminals use homoglyphs to trick you into thinking a domain belongs to a trusted company.
Here’s an example: Scammers could use a zero (0) in place of a capital letter “O” or they could use a lowercase letter “L” in place of a capital letter “i”. Using these examples, the bad guys can impersonate SINGPOST.COM as SINGP0ST.COM. Some cybercriminals take this method one step further by using characters from other languages. For example, the Russian character “Ь” could be used in place of an English letter “b”.
Remember the tips below:
- Be cautious when you receive an email that you were not expecting. This trick can be used to impersonate any company, brand, or even a person’s name.
- Before you click, always hover over a link to preview the destination, even if you think the email is legitimate. Pay close attention to the characters in the URL.
- If you’re asked to log in to an account or an online service, navigate to the official website and log in there. That way, you can ensure you’re logging in to the real website and not a phony look-alike website.
- A properly operating password manager will not automatically fill in your password on an impersonated website.