You mean the thing that has been the source of many cybersecurity issues for years because fonts w&#...

tekla • today at 5:50 PM • 1 reply • view on HN

You mean the thing that has been the source of many cybersecurity issues for years because fonts w/ ambiguous characters and varying levels of "how closely are you actually reading the URL"?

The very thing where sites like gmai1.com that look exactly like the real site phish creds?

Or things that even Google has issues with subdomains?

https://hoxhunt.com/blog/advanced-phishing-attack-using-goog...

The IRS site does use lots of subdomains like https://sa.www4.irs.gov, but even it looks like its using the same design language as the normal site.

Replies

DANmode • today at 8:31 PM

> You mean the thing that has been the source of many cybersecurity issues for years because fonts w/ ambiguous characters and varying levels of "how closely are you actually reading the URL"? The very thing where sites like gmai1.com that look exactly like the real site phish creds?

Yes, that’s the one.

If I’m really paranoid, I’ll:

1.) avoid providing data to that page

2.) cross-reference host IP

3.) find the page on the original URL via search index

alt Hacker News

Replies