Phishing with Unicode

jwarthman · June 24, 2018, 5:16pm

Hello,
I’m a long-time, very satisfied SpamSieve user. Something recently came up on a Mac email list, and it lead me to realize that some phishing email uses Unicode text to obfuscate the URLs.

Here are some articles that discuss this issue:

https://www.theguardian.com/technology/2017/apr/19/phishing-url-trick-hackers

https://thehackernews.com/2018/06/email-phishing-protection.html

https://www.trendmicro.com/vinfo/au/security/news/cybercrime-and-digital-threats/smishing-attacks-leverage-punycode-technique

https://teachthe.net/index.php?title=Cyber_Attacks#Unicode_characters_in_URL_spoof

So my question is, can or does SpamSeive have the ability to flag emails that use Unicode to obfuscate URLs? It seems that the corpus could include suspect Unicode characters that aren’t correctly rendered. But there may be better approaches to flagging such email.

Thanks,

Jim

Michael_Tsai · June 24, 2018, 6:02pm

SpamSieve has special handling for some of this stuff, with more planned for a future version. Although, currently, I haven’t seen a particular issue with these types of spam messages getting through.

jwarthman · June 24, 2018, 6:17pm

Thanks!
Thanks for the speedy reply Michael, that’s good to know.

If the use of Unicode characters proves to be an effective phishing technique, I expect its popularity to skyrocket.

Thanks,

Jim