Fake URLs with Cyrillic letters

Watch out for…

Protect Your Tech - watch outFake URLs with Cyrillic letters

What’s the threat?

Scammers have created a fake URL for the messaging service WhatsApp using letters from the Cyrillic alphabet that look similar to letters in the Latin alphabet (used in English). You can see in the screenshot that the 'w' and 't' of www.whatsapp.com have been replaced. The criminals hope you won’t notice.

The URL appears in adverts for a tool that promises to change the colour of WhatsApp. If you click the link, you’re redirected to a scam site that asks you to share it with your friends, who will receive the message ‘I love the new colors for whatsapp’, and a link to the fake site. Next you’re told to install the Chrome extension BlackWhats but is actually adware.

What should you do?

Google has since removed BlackWhats from its store, eradicating this specific threat. But the hackers haven’t gone away, and are probably looking for new ways to trick people using Cyrillic letters. It’s not a new tactic, and nor are attacks confined to Cyrillic. As explained on Wikipedia (www.snipca.com/24405), hackers have also used Armenian, Hebrew, Chinese and Greek letters to create fake URLs.

But Cyrillic (used across eastern Europe) is the fraudsters’ favourite because it has 11 lower-case characters that are identical – or very similar – to Latin letters and numbers. Hence there’s more potential to deceive users.

As with the fake bank URLs we warned about in Issue 502, the surest way to stay safe is never to click a link online. Instead, bookmark your favourite sites, or type the URL into your browser bar. Also be sceptical of adverts that claim to change how popular sites and services work. They are usually scams. 

New tools

Protect Your Tech - new toolsJust in case you thought otherwise, ‘windows01’ is a lousy password. We had it confirmed by this new site, which uses artificial intelligence to analyse the quality of passwords. If it doesn’t like your suggestion, it explains why. Most other password meters just give you a simple thumbs down, but fail to elaborate.

So when we typed windows01 into its Password field the site gave us three reasons why it’s a howler: it contains a word straight from the dictionary, it doesn’t have numbers in the middle, and it’s only 9 characters long. Next to each warning is a ‘why?’ link – click this for a fuller explanation.

Built by researchers from Pittsburgh’s Carnegie Mellon University and the University of Chicago, the site used a neural network to ‘read’ passwords created by 4,500 people. It soon learnt what made a bad password, enabling it to offer safer alternatives. In our case, that was ‘wi01n7d7wS’, which may be difficult to remember, but is also hard for hackers to guess. 

AI password meter www.snipca.com/24374 

Scam Watch!ScamWatch

Readers warn readers

Sainsbury’s voucher scam

I’ve always been a coupon collector, and used to cut them out of magazines all the time. I suppose I’m the sort of person scammers will be targeting with fake Sainsbury’s vouchers. I saw one for £75 on my Facebook page. It looks genuine, with expiry dates, and the kind of terms and conditions familiar to all coupon users. But I don’t believe anything I see on Facebook, so assumed it was dodgy. Apparently, scammers are also offering vouchers for Asda, Morrisons, John Lewis and Argos. The fraud was reported on my local website, Kent Live: www.snipca.com/24311
Jean Atkinson 

For more ways to protect your tech, try Computeractive magazine.
Subscribe today and get 3 issues for £1, plus a FREE welcome gift.