How Cyrillic Supports Phishing, And What To Do About It

During the past 6 or 7 years, phishing has increased enormously in popularity. In short, phishing refers to the criminal practice of obtaining a victim's username and password for a certain purpose. Usually, victims receive an e-mail, supposedly from a bank or financial institution, asking them to click a link in that e-mail, which would redirect them to the bank or financial institution, and then to confirm their username and password. In reality, victims are sent to an exact copy of such a site, and all personal data entered is recorded so that criminals can use it to log into the victim's account.

For some time now, Cyrillic alphabet characters have been permitted in a URL just like characters of the Roman alphabet. As many Cyrillic characters look identical to Roman characters, phishing criminals can trick victims by inserting a Cyrillic character into a link instead of a Roman one. You may want to try the following test (the first link is the normal link redirecting to the official website of Citibank; the second link contains 2 Cyrillic characters, “c” and “a”; the second link will not open an existing website as of the writing of this article):

http://www.сitibа (take a close look at the error web address claiming to be non-existent; it is “”, not

Therefore, be careful not to open fraudulent links in e-mails. It is best to type the URL manually into the browser’s window.
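The following is an added example, not part of the original article: a Python check that flags hostname labels containing non-Roman letters, reports whether scripts are mixed within one label, and shows the ASCII (punycode) form of the name. The `.example` hostnames are constructed samples, and the function names are assumptions of this example.

```python
import unicodedata
from urllib.parse import urlsplit

def letter_scripts(label):
    """Map each script name to the letters of that script found in the label."""
    scripts = {}
    for ch in label:
        if ch.isalpha():
            # Unicode names start with the script: "LATIN SMALL LETTER C",
            # "CYRILLIC SMALL LETTER ES", and so on.
            script = unicodedata.name(ch, "UNKNOWN").split()[0]
            scripts.setdefault(script, []).append(ch)
    return scripts

def inspect_url(url):
    """Return one finding per hostname label that contains non-ASCII letters."""
    host = urlsplit(url).hostname or ""
    findings = []
    for label in host.split("."):
        if label.startswith("xn--"):
            # Links are often delivered in ASCII-compatible (punycode) form.
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (ValueError, IndexError):
                findings.append({"label": label, "ace": label, "scripts": ["UNDECODABLE"], "mixed": True, "non_latin": []})
                continue
        if label.isascii():
            continue
        scripts = letter_scripts(label)
        findings.append({
            "label": label,
            "ace": "xn--" + label.encode("punycode").decode("ascii"),
            "scripts": sorted(scripts),
            "mixed": len(scripts) > 1,
            "non_latin": ["U+%04X" % ord(c) for s, cs in scripts.items() if s != "LATIN" for c in cs],
        })
    return findings

# Constructed sample: U+0441 and U+0430 are the Cyrillic look-alikes of "c" and "a".
SPOOFED = "http://www.\u0441ity-b\u0430nk.example/login"
GENUINE = "http://www.city-bank.example/login"

if __name__ == "__main__":
    for url in (GENUINE, SPOOFED):
        print(url.encode("unicode_escape").decode(), inspect_url(url))
```

A label that mixes LATIN and CYRILLIC letters is the pattern the article describes; a name written entirely in Cyrillic is reported too, but with `mixed` set to false, since it can be a legitimate internationalized domain.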
