Tuta

6 days ago

Tuta
6 days ago

🎣 Phishing Alert!

Malicious attackers use lookalike domains to trick you into clicking fake links. These sites steal logins, banking info & more.

🛡️ Stay safe:
🔹 Double-check URLs
🔹 Don’t log in via links
🔹 Bookmark official sites

👉 Check the full guide: tuta.com/blog/how-to-prevent-p…

Stay alert this #CyberSecurityMonth

#CyberSecurity #Phishing

Image of a hacker with the text:

Spot the difference?

citibank.com
VS
citibank.com

The "a" in the second url is a cyrillic letter, directing to a hacker's website.

How to prevent email phishing attacks - a quick guide. | Tuta

Email phishing scams are one of the most severe cyber threats in our digital world. Here is how to keep your online accounts safe from hackers.

^Tuta

This entry was edited (5 days ago)

in reply to Tuta

Torx

in reply to Tuta 6 days ago

That, indeed, is a though one

in reply to Torx

Tuta

in reply to Torx 6 days ago

@Torx Indeed. :)

@Torx

in reply to Tuta

Cybarbie

in reply to Tuta 6 days ago

@Torx not for a computer

@Torx

in reply to Tuta

Kaito

in reply to Tuta 6 days ago

@Tutanota

@Tuta

in reply to Tuta

Always visit your important webpages like banking and e-mail services through links obtained through reputable search engines and is best to have them bookmarked afterwards. If you get e-mail about your Citibank, visit the website from your bookmark, not from the received e-mail. If there is something important, it will be on actual Citibank webpage. If not, then it's not that important.

in reply to Tuta

Desert Camel

in reply to Tuta 6 days ago

That's why I type banks url.

in reply to Tuta

p̷t̵r̴a̵c̷e̶

in reply to Tuta 6 days ago

@nyovaya
@Tutanota the domain RFC doesn't really enforce a specific encoding. So the society adopted a limited subset of ASCII. But there's also a Punycode RFC which allows any UTF character:

en.wikipedia.org/wiki/Punycode

method of representing Unicode with the limited character subset of ASCII (letters, digits, and hyphen-minus) supported by the Domain Name System; e.g. 日本語 → wgv71a119e; München → Mnchen-3ya

^{Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)}

@Tuta @Luna Anni

This entry was edited (6 days ago)

in reply to Tuta

Luna Anni

in reply to Tuta 6 days ago

I thought the .com domain only allows latin and special characters?

in reply to Luna Anni

Tuta

in reply to Luna Anni 6 days ago

@nyovaya This is just an example - did you spot it, though? ;)

@Luna Anni

in reply to Tuta

Ox1de

in reply to Tuta 6 days ago

sneaky! I'm not sure I'd see it if they weren't side by side.

in reply to Tuta

LΞX/NØVΛ

in reply to Tuta 6 days ago

use a DNS that block IDN

in reply to Tuta

WilsonSmith

in reply to Tuta 6 days ago

That “a” is not just for Cyrillic but on many other FONTS of other programs too.

in reply to Tuta

Kerplunk

in reply to Tuta 6 days ago

Hackers use lookalike domains to trick you into clicking fake links.

Troubling, the second url looks completely normal to people like me and a few million other persons who are English native speakers and writers

Citibank users might want to block the second domain in UBlock or if running Linux in etc/hosts

And use 2 factor Authorization for Banking.
Payment systems like PP and Sites like E Bay Amazon

NEVER USE AUTO FILL FOR PASSWORDS. Or save form data in the browser

in reply to Tuta

Torf und Schnee

in reply to Tuta 6 days ago

Unicode domain names are probably the worst idea for cybersecurity since the flash drive autorun in earlier Windows versions. They probably wanted to be "multicultural" and "non-Western-centric" but ended up with a heaven for scammers with marginal legitimate usage. In principle, any browser and email program should show A BIG RED WARNING in presence of that in URL...

in reply to Tuta

Anthony Dardis

in reply to Tuta 6 days ago

@jnl that second `a' might be from a Cyrillic font, but both letterforms are legitimate for writing in Cyrillic, as they are for the Roman alphabet

en.wikipedia.org/wiki/Cyrillic…

FWIW Citibank's url is citi.com.

I'm often uneasy about clicking anything that comes by email, like my phone or electric bill. I don't retype the url; either I have it in a browser bookmark or it's in my password manager.

writing system developed in Bulgaria and used for various oriental Eurasian languages

^{Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)}

@JNL

in reply to Tuta

Ɩƚ

in reply to Tuta 6 days ago

I've had to warn some elderly friends of similar phishing scams. Usually pretending to be a verified company. Nice share. 👏

in reply to Tuta

El Duvelle

in reply to Tuta 6 days ago

wow, that one is tough

in reply to Tuta

jfor

in reply to Tuta 6 days ago

But how to remember to look out for that?

in reply to jfor

Tuta

in reply to jfor 5 days ago

@fae2535 Read the guide ;)

@jfor

in reply to Tuta

Michał "rysiek" Woźniak · 🇺🇦

in reply to Tuta 6 days ago

are you implying hackers are the same thing as cybercriminals? That's kinda un-excellent coming from a company whose services are promoted by hackers to their peers, friends, coworkers, families. Seriously disappointing.

in reply to Michał "rysiek" Woźniak · 🇺🇦

Tuta

in reply to Michał "rysiek" Woźniak · 🇺🇦 5 days ago

@rysiek You're absolutely right, sorry about that!

@Michał "rysiek" Woźniak · 🇺🇦

in reply to Tuta

Michał "rysiek" Woźniak · 🇺🇦

in reply to Tuta 5 days ago

thank you, I appreciate that.

So, when are you editing the image in the original toot that still promotes that misconception?

in reply to Michał "rysiek" Woźniak · 🇺🇦

Ian Campbell 🏴

in reply to Michał "rysiek" Woźniak · 🇺🇦 5 days ago

@rysiek seconded, as a paid account holder and hacker. :)

Fwiw, it’s good to warn folks like this, Tuta (i have a pinned tweet about IDN homoglyph attacks because it’s a pet peeve masto.deoan.org/@neurovagrant/… ) - just keep in mind hackers protecc, not always attacc.

I hope the image is swapped out soon. I expect some level of corporate approval may be delaying action.

Ian Campbell 🏴 (@neurovagrant@masto.deoan.org)

Attached: 1 image Hello friends, I've seen the below image come up a few times elsewhere and am going to expound a little! While the hyperlinks in the image display correctly, those aren't actually the addresses of those sites! Instead, they're th…

^{masto.deoan.org}

@Michał "rysiek" Woźniak · 🇺🇦

in reply to Ian Campbell 🏴

Tuta

in reply to Ian Campbell 🏴 5 days ago

@neurovagrant @rysiek Thanks for your feedback. We've updated the toot, it now reads malicious attackers.

@Michał "rysiek" Woźniak · 🇺🇦 @Ian Campbell 🏴

⇧

Tuta 6 days ago • •

Tuta
6 days ago