Spoofing URLs with Unicode
SetApp: A Suite of macOS Apps for a Single Price Affiliate link for a great collection of 200+ macOS apps for a single price—now with iOS apps too. Includes full featured apps like SparkMail, Bartender, BetterTouchTool, Ulysses, MindNode, TextSoap, CleanMyMac X, Craft, NotePlan, AeonTimeline, MarsEdit, and more.
Over at SlashDot there’s a discussion about an article in Scientific American describing
how a pair of students at the Technion-Israel Institute of Technology registered “microsoft.com” with Verisign, using the Russian Cyrillic letters “c” and “o”. Even though it is a completely different domain, the two display identically (the article uses the term ‘homograph’).
Because the letters look very similar, a user will blithely click on a “spoofed” URL, and instead of going to the “safe” site they expect, experience any number of Nasty Things.