Fake URLS with Cyrillic letters
What’s the threat?
Scammers have created a fake URL for the messaging service Whatsapp using letters from the Cyrillic alphabet that look similar to letters in the Latin alphabet (used in English). Instead of www.whatsapp.com, the URL is http:// çhatsapp. com.com/?colors (see screenshot), with the letters ‘ ç’ and ‘ t’ replacing ‘w’, and ‘t’. The criminals hope you won’t notice.
The URL appears in adverts for a tool that promises to change the colour of Whatsapp. If you click the link, you’re redirected to a scam site that asks you to share it with your friends, who will receive the message ‘I love the new colors for whatsapp’, and a link to the fake site. Next you’re told to install the Chrome extension Blackwhats but is actually adware.
What should you do?
Google has since removed Blackwhats from its store, eradicating this specific threat. But the hackers haven’t gone away, and are probably looking for new ways to trick people using Cyrillic letters. It’s not a new tactic, and nor are attacks confined to Cyrillic. As explained on Wikipedia ( www.snipca.com/24405), hackers have also used Armenian, Hebrew, Chinese and Greek letters to create fake URLS.
But Cyrillic (used across eastern Europe) is the fraudsters’ favourite because it has 11 lower-case characters that are identical – or very similar – to Latin letters and numbers. Hence there’s more potential to deceive users.
As with the fake bank URLS we warned about in Issue 502, the surest way to stay safe is never to click a link online. Instead, bookmark your favourite sites, or type the URL into your browser bar. Also be sceptical of adverts that claim to change how popular sites and services work. They are usually scams.