Take a look at the above message that WhatsApp users have reported being sent to them via the messaging app. It claims that there is a free £250 voucher up for grabs which you can use to buy your groceries at an ASDA supermarket. Other versions claim that similar vouchers are available for Tesco and Marks & Spencer.
But can you see why you should be wary of clicking?
Well, not only does it sound too good to be true, but take a closer look at that URL the message says you should click on.
Do you see the little mark above the “d” in “Asda”? It’s not a speck of dirt on your smartphone’s screen.
The “d” in the URL is in fact a “đ” (also known as a crossed d, or a d-stroke).
That’s easy enough to tell when you see the image blown up on your desktop computer screen, but it’s a lot harder to spot when it appears in a WhatsApp message on your smartphone.
The character đ (Unicode U+0111) may not be used in English, but it is used in several other languages – and it turns out that technology’s ability to support a wide variety of languages comes at a cost.
What you’re seeing here is called a homograph attack, which exploits the fact that many different characters look alike. The technique makes it trivial for internet attackers to use near-identical-looking characters to dupe unsuspecting users into clicking on dangerous links.
Phishers, for instance, love to use the trick to dupe you into thinking you are entering your credentials into your bank’s legitimate website.
The latest spate of messages seen being spread on WhatsApp, as reported by The Mirror and Action Fraud, are not unique attacks, but they are worth bearing in mind when you receive suspicious messages via WhatsApp, SMS, Facebook Messenger, and so on.
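A check along these lines, as an added example that is not part of the original article: it lists the non-ASCII characters in a link's hostname, shows the `xn--` form the domain takes in DNS, and compares a folded version of each label against brand names. The URLs are constructed samples on the reserved `.example` TLD, and `LOOKALIKE_FOLD`, `skeleton` and `inspect_url` are hypothetical names, with a small hand-built fold table as an assumption.

```python
import unicodedata
from urllib.parse import urlsplit

# Hand-built, illustrative fold table (an assumption for this example, not a
# complete confusables list). It is needed because stroke letters such as
# U+0111 have no Unicode decomposition, so NFKD alone never yields a plain "d".
LOOKALIKE_FOLD = {"\u0111": "d", "\u0142": "l", "\u00f8": "o"}


def skeleton(label):
    """Fold a host label to the plain ASCII string it visually imitates."""
    folded = "".join(LOOKALIKE_FOLD.get(ch, ch) for ch in label.lower())
    decomposed = unicodedata.normalize("NFKD", folded)
    # Drop combining marks left behind by decomposition (accents, dots, etc.).
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def inspect_url(url, known_brands):
    """Report non-ASCII characters in a URL's host and any brand it imitates."""
    host = urlsplit(url).hostname or ""
    odd = [(ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
           for ch in host if ord(ch) > 127]
    try:
        # The ASCII (xn--) form of the name, which is what DNS actually sees.
        a_label = host.encode("idna").decode("ascii")
    except UnicodeError:
        a_label = None
    # Only hosts that contain non-ASCII characters can be lookalikes here;
    # a plain ASCII host that equals the brand is the brand's own spelling.
    imitates = [brand for brand in known_brands
                if odd and any(skeleton(lbl) == brand for lbl in host.split("."))]
    return {"host": host, "a_label": a_label,
            "non_ascii": odd, "imitates": imitates}


if __name__ == "__main__":
    # Constructed sample URLs: one with the d-stroke, one plain ASCII.
    samples = ["http://www.as\u0111a.example/voucher",
               "http://www.asda.example/"]
    for sample in samples:
        print(inspect_url(sample, ["asda", "tesco"]))
```

Because đ is itself a Latin-script letter, a check that only looks for mixed scripts in a hostname would not flag it; listing the non-ASCII characters does.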
Take care out there.
Thanks for pointing this out. You could also mention that it is very important for people to recognise the writing style of the people that sent the message. It should be clear to many people and easier to spot a stupid spelling mistake like "thanks me later".
Also, LOL @ d-stroke ;)
Why on earth would Asda be celebrating "68 years" of service? :-) I can understand 50 or 75 or 100 but 68? Come on!
It's time for ICANN to make a change in the way new domain names are accepted. It's no longer enough to check for an exact duplicate when registering a new domain. The definition of uniqueness for domain names ought to be extended to also exclude domain names that can be used in typo-squatting or homograph attacks. After all, it's hard to imagine any legitimate usage for such domain names.
I Second the Motion!!
Got one of these messages the other day, ignored it.
Thanks for this, Graham. Good information to know & share widely.
I've seen this before. There are apparently many characters that are so close to our character set that one can easily be tricked if one is not vigilant about the links one is going to click.
If I find something suspicious I usually copy and paste it into Notepad. Then I can inspect or Windows will give a message saying there are invalid characters.
Can't always ditch them based on appalling grammar and weird non-native sentence structure, I've seen plenty of corporate emails that would be thrown out on that basis!
It should be corrected to "homoglyph attack", as the similarity of the characters is being exploited.