Identical Domain Phishing Scam

Phishing is one of the top methods used to trick unsuspecting people into giving up personal information on the internet. Phishing is typically carried out through email. A scammer sends out emails posing as a legitimate company in an attempt to get you to click on their link and try to log in to your account. While some signs of a phishing attempt are obvious, others are not: beware the newest identical domain phishing scam.

Identical Domain Phishing Scam – Firefox and Chrome

This newest scam is almost impossible to catch unless you know what you’re looking for. Scammers are now registering domain names that use look-alike Unicode characters, stored in an ASCII encoding (Punycode), to mimic legitimate, trusted websites. In the browser bar of these two browsers, the Unicode form displays exactly the same as the legitimate website. What makes it even more difficult to spot is that registering for a security certificate isn’t difficult, so relying on the security certificate is not safe either.

How Can I Avoid the Domain Phishing Scam?

  • Firefox: Type about:config into the address bar and search for punycode. Find the parameter IDN_show_punycode and change the value from false to true.
  • Chrome: Currently, there isn’t a fix released for Chrome, but there is a fix in their test release. It’s set to release in the next couple of days, but until then, if you suspect that a site is phishing for information, or you want to be sure, copy the address from the browser bar and paste it into a word processor to see whether the site is legitimate or is the ASCII-encoded form of a Unicode domain (a fake domain would start with https://xn--).
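
The manual copy-and-paste check above can also be done in a few lines of Python. This is an added example, not part of the original article: it decodes any xn-- label in a pasted address and reports which non-Latin scripts it contains. The function names and the sample address are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample: "example" with a Cyrillic "а" (U+0430), encoded at run time.
FAKE_URL = "https://xn--" + "ex\u0430mple".encode("punycode").decode("ascii") + ".com/login"


def inspect_label(label):
    """Return (displayed_text, ascii_form, scripts) for one DNS label."""
    if label.lower().startswith("xn--"):
        ascii_form = label.lower()
        try:
            text = ascii_form[4:].encode("ascii").decode("punycode")
        except ValueError:  # UnicodeError subclasses ValueError
            return label, ascii_form, {"INVALID"}
    else:
        text = label
        ascii_form = label if label.isascii() else (
            "xn--" + label.encode("punycode").decode("ascii"))
    # First word of the Unicode character name approximates its script.
    scripts = {unicodedata.name(ch, "UNKNOWN").split()[0]
               for ch in text if not ch.isascii()}
    return text, ascii_form, scripts


def check_url(url):
    """Flag every hostname label that is, or decodes to, non-ASCII text."""
    host = urlsplit(url).hostname or ""
    labels = []
    for label in host.split("."):
        text, ascii_form, scripts = inspect_label(label)
        if scripts:
            labels.append({"shown": text, "punycode": ascii_form,
                           "scripts": sorted(scripts)})
    return {"host": host, "suspicious": bool(labels), "labels": labels}


if __name__ == "__main__":
    for url in (FAKE_URL, "https://example.com/login"):
        print(url, "->", check_url(url))
```

A flagged label is a prompt to look closer, not proof of phishing, since legitimate internationalized domains also use the xn-- form. Compare the reported punycode against the address you expected to visit.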