Punycode Makes SMiShing Attacks More Deceiving

Discussion in '0-day Release' started by silversurfer, Jun 1, 2018.

Tags:
  1. silversurfer

    silversurfer Malware Tester Silver Member

    Phishing attacks carried out via text messages that use the “Punycode” technique to make nefarious URLs look legitimate are becoming more popular, cloud security firm Zscaler says.

    Referred to as SMiShing, SMS phishing is a technique where attackers use text messages in an attempt to trick users into clicking a link that usually leads to malware or asks for sensitive information from the victims.

    Recently, cybercriminals engaged in SMiShing campaigns started using Punycode (a technique also known as homograph attack) to deceive users into believing they are accessing a legitimate link. Specifically, the attackers replace one or more characters in the URL with similar-looking characters that are represented differently in Punycode.

    Full Article: https://www.securityweek.com/punycode-makes-smishing-attacks-more-deceiving
     
    Trim and RGiskardR like this.
  2. Google Adsense

Share This Page