Monday, November 13, 2017

And the world's latest phishing attempt is:

Unicode text, yay.  Fuckers.

What's wrong with this e-mail?


Hello, Singapore Airline is giving away 2 Free FirstClass Tickets to celebrate 45th anniversary, Now you can get your tickets too ! go here to get it: http://www.singaporeaır.com/firstclass Enjoy your flight !.


Apart from the fractured chinglish, see anything wrong?


Now have a look at the second last character in the domain name, before the .com.  See it now?


If you mouseover it in Chrome, or copy the link address, what you actually get is:


http://www.xn--singaporear-8zb.com/firstclass



ICANN has seized that domain, but this is the start of a new avalanche of spam with phishing attempts, I suspect.  :(