Punycode domain names have the ability to make a URL look like a different site name, including apple.com.
The Loop recently came across a document referring to Punycode, which is a type of Unicode that uses character subsets, that could allow someone to create a domain name that would look, on the surface, like a completely different URL.
While it's a particularly ingenious bit of trickery, you shouldn't worry too much. You can avoid getting caught by such a scheme by manually entering site URLs instead of clicking on links from unknown sources; additionally, you should be able to trust directly navigating to a website from Google or another popular search site.
Web developer Xudong Zheng explains the vulnerability in detail on his blog how it is possible to register domains with foreign characters by converting it. He specifically calls attention to the fact that it would be possible for someone to register a URL with characters that would look like Apple's domain, complete with a secure connection.
From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com".
So no, every site you visit isn't suddenly a potential phishing scam looking to capture your private information. That said, we'll use this as a reminder to be vigilant while you're out and about on the web: Be smart and avoid clicking links from emails or unknown sites. To be extra careful, you can use the web link feature of your password manager to go directly to a site.
- How to use two-factor authentication
- How to protect your data from being hacked
- Best practices for staying safe on social media
- Best VPNs for public Wi-Fi networks
- Best ways to secure data when crossing borders
- Best ways to increase iPhone and iPad security
- How to back up your iPhone, iPad, and Mac
- Differential privacy — Everything you need to know!