C-Command Software Forum

Phishing with Unicode

Hello,
I’m a long-time, very satisfied SpamSieve user. Something recently came up on a Mac email list, and it lead me to realize that some phishing email uses Unicode text to obfuscate the URLs.

Here are some articles that discuss this issue:

https://www.theguardian.com/technology/2017/apr/19/phishing-url-trick-hackers

https://thehackernews.com/2018/06/email-phishing-protection.html

https://www.trendmicro.com/vinfo/au/security/news/cybercrime-and-digital-threats/smishing-attacks-leverage-punycode-technique

https://teachthe.net/index.php?title=Cyber_Attacks#Unicode_characters_in_URL_spoof

So my question is, can or does SpamSeive have the ability to flag emails that use Unicode to obfuscate URLs? It seems that the corpus could include suspect Unicode characters that aren’t correctly rendered. But there may be better approaches to flagging such email.

Thanks,

Jim

SpamSieve has special handling for some of this stuff, with more planned for a future version. Although, currently, I haven’t seen a particular issue with these types of spam messages getting through.

Thanks!
Thanks for the speedy reply Michael, that’s good to know.

If the use of Unicode characters proves to be an effective phishing technique, I expect its popularity to skyrocket. :slight_smile:

Thanks,

Jim