Article 5P8CC Microsoft Outlook shows real person’s contact info for IDN phishing emails

Microsoft Outlook shows real person’s contact info for IDN phishing emails

by
Ax Sharma
from Ars Technica - All content on (#5P8CC)
microsoft-800x533.jpg

Enlarge (credit: Drew Angerer | Getty Images)

If you receive an email from someone@arstechnca.com, is it really from someone at Ars? Most definitely not-the domain in that email address is not the same arstechnica.com that you know. The '' character in there is from the Cyrillic script and not the Latin alphabet.

This isn't a novel problem, either. Up until a few years ago (but not anymore), modern browsers did not make any visible distinction when domains containing mixed character sets were typed into the address bar.

And it turns out Microsoft Outlook is no exception, but the problem just got worse: emails originating from a lookalike domain in Outlook would show the contact card of a real person, who is actually registered to the legitimate domain, not the lookalike address.

Read 24 remaining paragraphs | Comments

index?i=zN2tGNPjVos:pVi1AYWlDAA:V_sGLiPB index?i=zN2tGNPjVos:pVi1AYWlDAA:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments