1. 10

  2. 7

    This seems to be a variant of an IDN homograph attack.

    1. 8

      It is indeed.

      It’s becoming a common “attack” on many websites, forums, particularly as usernames to impersonate users, or in any user inputs really (like “your website”, …). There’s this small python lib I made to validate user inputs against homograph attacks: https://pypi.python.org/pypi/confusable_homoglyphs/

      (edit: How fun, I wanted to help preventing these issues but after posting this I checked if ɢoogle was properly detected as dangerous by my lib and… it isn’t.

      The lib builds a small data file containing all characters advertised as “confusable” by the Unicode Consortium. This weird small ‘G’ is ɢ, which according to the Unicode Consortium is only confusable with ԍ, not with G. Too bad.)

    2. 1

      I wonder if displaying punycoded URLs would make this kind of attack less effective (https://en.m.wikipedia.org/wiki/Punycode)