Microsoft Outlook shows real person’s contact info for IDN phishing emails
Ax Sharma reports:
If you receive an email from
someone@arstechnіca.com, is it really from someone at Ars? Most definitely not—the domain in that email address is not the same arstechnica.com that you know. The ‘і’ character in there is from the Cyrillic script and not the Latin alphabet.
This isn’t a novel problem, either. Up until a few years ago (but not anymore), modern browsers did not make any visible distinction when domains containing mixed character sets were typed into the address bar.
And it turns out Microsoft Outlook is no exception, but the problem just got worse….
Read more on Ars Technica.