Vietnamese characters enable scammers to impersonate the websites of legitimate organisations

 Is that a spec of dust on the screen, or a scam URL?

Is that a spec of dust on the screen, or a scam URL?

Scammers are now using near-miss Vietnamese characters to impersonate the websites of legitimate organisations. These are standard looking lowercase letters, but with a hard-to-spot dot beneath – e.g. ḥ ạ ṃ. There are quite a few letters that have this quality - 19 in total - all of which can be used to register a spoof domain. Normally, a business would defensively register look-a-like domains, but in this case there are potentially so many possible combinations that this approach is likely unworkable for many. This probably needs to be fixed in the browser. Until that’s done, be on the lookout for dotted characters in links and website addresses… a sure-fire sign of a scam.

Simon Gibbard