Unicode Domain Names

April 24, 2017

Recently there has been a resurgence of “phishing” websites which have one goal in mind: to get your personal information. Keeping an eye on the domain name of the website that you are visiting is always important, but recently it has become quite an issue for major companies that you wouldn’t often think twice about trusting.

Unicodes are basically short codes that can be used as an alternate way of displaying traditional keyboard characters, or at least characters that look like them at first glance. Take a look at an example provided by The Guardian: https://аррӏе.com. If you look in the address bar, depending on your browser (which I’ll get into later), it will appear to be the domain “apple.com”, but don’t be fooled. This domain is actually converted by your browser to appear like that. The actual domain is: “https://www.xn--80ak6aa92e.com/”, which is definitely NOT apple.com. Don’t let the SSL (Secure Sockets Layer) on the domain fool you either, that only means you have a secure connection with the phishing website. Anyone can get an SSL.

One thing to keep in mind when browsing the internet is keeping your browser updated, which is very important for security reasons exactly like this. Chrome’s newest update has provided a fix for this Unicode domain name problem, but only if it is updated. If FireFox is your browser of choice, you may want to be more careful because they haven’t developed a fix yet.

Nevertheless, the odds of running into this problem are quite slim and you most likely won’t encounter it through traditional browsing so just be careful of where you enter your private information! If you’re concerned that a website might be a fake, try copying and pasting the address from the URL into an application like Notepad on Windows or TextEdit on Mac. This should strip the Unicode properties, and show the actual domain. Browse safely!


Jason is a Web Consultant here at Sephone and the newest addition to the support team!

Leave a Reply

Your email address will not be published. Required fields are marked *