A quizzle for the weekend: Which of the following domains is most likely a malicious one? Look closely!
Quite simple, some will say. Others claim they never fall for phishing mails or open unknown file attachments. This always happens to the others! Whoever knows such a person may pass this quiz on to him or her.
Even if the first two domains seem familiar, they do not lead where you expect. The “d” in deutsche-telekom and sparkasse-darmstadt is a Cyrillic “d”, hardly distinguishable from our Latin one. Technically it is a completely different letter. A look into the source code reveals the difference:
When inserted and opened in the web browser, the actual spelling in the DNS becomes clear:
It may be too late by the time this is discovered in the web browser: the page has already been opened and malware dropped. Recommendations to copy links from e-mails to the clipboard and paste them into the browser are therefore misleading and do not prevent this at all.
The last domain, on the other hand, is a classic phishing domain. Registered under the country-code TLD .tw somewhere in Taiwan, it feigns a domain of Commerzbank.
All three domains are highly likely to be malicious and should not be visited. Would you have known that? And besides Cyrillic characters, there are many more characters from other languages. This leads us to the consequence and best practice:
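A check for the look-alike case described above, as an added example that is not part of the original post: it inspects a hostname before it is opened, lists every non-ASCII character with its Unicode name, and shows the ASCII form of each label as it would appear in the DNS. The function names, the `.example` TLD and the choice of U+0501 as the look-alike "d" are assumptions made for illustration, and the script is approximated from the first word of the Unicode character name.

```python
import unicodedata

# Constructed sample: the first character is U+0501, a Cyrillic letter
# that renders like a Latin "d" (assumed here; the post does not name the code point).
SAMPLE = "\u0501eutsche-telekom.example"


def inspect_hostname(host):
    """Return one report per DNS label: ASCII (xn--) form, scripts, non-ASCII characters."""
    reports = []
    for label in host.lower().rstrip(".").split("."):
        scripts = set()
        non_ascii = []
        for ch in label:
            if ch in "-0123456789":
                continue  # hyphens and ASCII digits belong to no script
            name = unicodedata.name(ch, "UNKNOWN")
            scripts.add(name.split()[0])  # heuristic: "LATIN", "CYRILLIC", ...
            if ord(ch) > 127:
                non_ascii.append((f"U+{ord(ch):04X}", name))
        # Labels containing non-ASCII characters are carried in the DNS as
        # "xn--" followed by the Punycode encoding of the label.
        if non_ascii:
            ace = "xn--" + label.encode("punycode").decode("ascii")
        else:
            ace = label
        reports.append({
            "label": label,
            "ace": ace,
            "scripts": sorted(scripts),
            "non_ascii": non_ascii,
            "mixed_script": len(scripts) > 1,
        })
    return reports


def is_lookalike_risk(host):
    """True if any label mixes scripts, e.g. one Cyrillic letter among Latin ones."""
    return any(r["mixed_script"] for r in inspect_hostname(host))


if __name__ == "__main__":
    for r in inspect_hostname(SAMPLE):
        print(r["ace"], r["scripts"], r["non_ascii"])
    print("look-alike risk:", is_lookalike_risk(SAMPLE))
```

A label written entirely in one non-Latin script is not flagged by the mixed-script rule; its `non_ascii` list and `xn--` form are still reported so it can be reviewed.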
Do not click on links in mails, chats, PDFs and Office documents!
You are welcome.