Online

How Non-Latin Domain Names Could Be Used To Steal Your Money

9:23PM January 4, 2010 | Jesus Diaz

Unicode is great because it supports multiple languages simultaneously, bringing international understanding, universal peace and planetary love. And so is ICANN’s decision to allow domain names that use non-Latin alphabets. Until both combine to steal your credit card number.

Or your login name, passwords, address or whatever other data a phishing site can get from you. Until now, there is an easy way to test if a site is legit or not. You just look at the browser URL. If it’s not paypal.com or amazon.com or whatever.com, then it’s not those companies’ websites, no matter how well they clone their layout and graphics.

The problem will come in 2010. That’s when sites’ URLs would start appearing in cyrillic, and then there will be cases of mistaken identity unless someone comes up with rules soon. Just check the image above, in which the russian word “raural” becomes “paypal”. Can you see what this is going to be bring? Yes, a big sports bag full of hurt. [Mashable]

Comments

  • aaadrian

    January 5, 2010 at 12:35 AM

    Or, instead of following dodgy links or Googleing sites they know the addresses to, people could just type the address themselves!

    • johnny

      January 5, 2010 at 1:52 PM

      imagine you are on a online shopping site and when you checking out, you use the paypal link to pay. how you gonna type in the address in browser?

  • Oleg Estrin

    January 5, 2010 at 2:32 AM

    Well spotted Jesus! I guess browsers will have to warn users in a nice unobtrusive way (hopefully), that they are visiting a web-site with a non-english domain name. Perhaps a small but bright icon in the address bar or something like that. I’m sure there will be plugins for firefox/chrome to detect that kind of thing before we know it.

    • Sam

      January 5, 2010 at 7:58 AM

      Maybe they should highlight non ASCII characters in a different colour?

  • Ashley Bartlett

    January 5, 2010 at 1:27 PM

    I’m too lazy to search for it, but I believe as of even IE7, IE will show you if a website URL is unicode, in order to prevent exactly this. I’m not sure about firefox.

    They were talking about it on the official IE blog a while ago.

  • Sam

    January 7, 2010 at 12:58 PM

    What about the companies responsibility to protect you, they should be buying those domain names that cause a potential security risk.

Post Your Comments