Nasty tricks in phishing emails

The creators of phishing e-mails always come up with something new

We have all been warned many times about so-called phishing e-mails. These are e-mails that seem to come from your bank, Amazon, DHL, or another company you know, asking you to click on a link (for example, to release a supposedly stalled shipment of goods or to update your address information).

The displayed link and the actual destination URL can be set separately. This is actually also useful, e.g. if you want to write legibly in the e-mail “Here you can find the login to foxondo” and the link that is then called in the background is, which is a bit bulky and looks less nice.

So, it is good if you are careful and do not simply click on a link. After all, it could be that the link is displayed to you and it actually leads to – which leads to another page where your data is fraudulently taken.

But here is the nasty trick.

When you move the mouse over a link, the actual destination is displayed. Let’s assume that the link shows as the destination address – you would think that this is correct, wouldn’t you?

But in fact, the second link leads to another website (or in our example to nothing). Why is this so?

Because only us humans read real letters that are displayed to us on the screen.

Computers resolve these characters, which are readable for us, into so-called Unicode characters, which are understood by all computer systems in the world.

  • And the Unicode “U+006F” stands for the “Latin small o” as we know it here in Europe.
  • The Unicode character “U+043E” stands for the Cyrillic “small o” from the Russian written language.

So for the computer the first link looks like this:
[U+0077U+0077U+0077U+002EU+0066U+006FU+0078U+006FU+006EU+0064U+006FU+002EU+0063 U+006FU+006D]

and the second one like this
[U+0077U+0077U+0077U+002EU+0066U+043EU+0078U+006FU+006EU+0064U+006FU+002EU+0063 U+006FU+006D].

So suddenly your mouse click leads you to somewhere completely different than you wanted. And that can be quite dangerous.

What helps against this?

Do NOT click on links in mails, and instead type in the desired URL yourself in the browser if possible, or call it up from the favorites/bookmarks in your browser if necessary.