Internet privacy and security course
About translation
Previous Next

Chapter 95

The danger of capital letters or forever working phishing scheme

This chapter will be one of the simplest and shortest in the course, and many people will say after reading that this is obvious. It may be obvious, but the described method is actively used and works effectively.

This is WWW.PANlCBUTTON.PW, you know it very well. But actually, this is not the link you see. The fact is that in the Latin alphabet, the capital letter i and the lowercase L are written about the same, in this link instead of the large i the small L is written.

As a rule, popular sites, including i in the domain name, independently register a variant with writing through L and redirect it from it to the main domain. But smaller sites often neglect this, by doing so they make a real present for malefactors.

Fraudsters register variants of the site with a spelling in l and use them for phishing, and the domain name is always written in capital letters only. For what the link substitution is used, we have already spoken about it in this chapter.

It is sure that in the browser line capital letters are converted to lowercase, and everything looks not so nice, but, first, not many people check the address bar after opening the link, especially if it’s a long link, and, second, when attacking, aimed at collecting data on the victim, opening the link is the main task of the attacker.

The similar scheme is actively used by scammers in Telegram. It works like this: @service and @SERVlCE are visually the same two Telegram IDs, just one is written in lower case letters, the other one is in capital letters, but, as you might guess, in the second case, letter substitution is used. This is favorite Telegram trick of scammers, and it works greatly.

After reading this chapter, you should remember one simple idea that if you get a link to a site whose address is written in large letters, it can be a trap, if Telegram ID is written in large letters, it can be a fraudster account. Be careful.

 

Tip

If the link to the site or Telegram ID is written in capital letters, check that there are no i-character substitutions for L.

To check the link or Telegram ID written in capital letters, just enter them on this site. The substitution will be immediately obvious.

substitution check

Previous
3457
Next