What is Punycode Phishing Attack and how to protect yourself?

The internet is a helpful and, at the same time, an extremely scary place. At every moment, you might be at risk of getting scammed.

All those emails you receive about free services and free games can often put your computer in danger. One of the most dangerous of these threats is the Punycode phishing attack.

Phishing scams were already dangerous, but now, with the implementation of Punycode, they are becoming harder to spot.

Let us give you some more details about what this means and how you can safeguard yourself from such attacks.

What is a phishing attack?

Phishing attacks have been on the internet for years now.

It is basically a website which is not authentic but malicious; that is, it contains some kind of code which can put your computer at risk.

The website might seem reliable and authentic; sometimes even reliable websites are replicated.

Say you are logging into your Google account and suddenly you are redirected, or maybe the URL is different; you might not even realize that you are on a malicious website.

You will enter all your login details and your information will be stolen. This is a phishing attack.

Web browsers these days are obviously developed so that you are not at risk of entering a malicious website and falling into the hands of a phishing scam.

There are many security protocols which make your web browser inform you about the threat, and long-time use of the internet has made most users aware of phishing scams; users are much more careful about where they put their information these days.

What is a Punycode phishing attack?

However, recently there has been quite an alarm in the tech world about Punycode, which once again puts you at risk of being scammed.

Those who work in internet security have issued warnings that web browsers like Chrome, Firefox and Mozilla are at risk of not warning you about a phishing scam because of the change in the nature of the code.

The attackers are now making use of Punycode, which almost all browsers recognize without raising an alarm.

The website URL will not raise any suspicion in your web browser, and you will put your system at risk.

Unicode is the standard way of representing computer language. This is the method computers use to encode the non-Roman languages and accented characters.

Punycode represents Unicode characters as ASCII characters. Punycode makes two different letters look the same, and it becomes hard for your browser to distinguish them and sound the alarm.

Therefore, a site is created which looks authentic to your browser, and you become a victim of a Punycode phishing attack.

Researchers have actually set up websites using Punycode, websites that replicate apple.com or PayPal, in order to show people how vulnerable they are to such fraudulent websites.

The Punycode phishing attack is a serious issue and must not be taken lightly, as information might be stolen more easily now.
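As an added example (not code from the original article), the following Python sketch shows how a defender can decode a hostname's Punycode labels and flag lookalikes of apple.com and PayPal, the sites named above. The `CONFUSABLES` map, the `PROTECTED` list and the sample hostname are constructed assumptions, and full IDNA normalization is not performed.

```python
import unicodedata

# Small constructed subset of Cyrillic letters that render like Latin ones
# (an assumption for this example, not the full Unicode confusables table).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
               "\u0456": "i", "\u04cf": "l"}
PROTECTED = {"apple.com", "paypal.com"}  # sites named in the article

def to_unicode(host):
    """Decode every xn-- label of a hostname to its Unicode form."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def to_ascii(host):
    """Encode every non-ASCII label as xn-- plus its Punycode form."""
    labels = []
    for label in host.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Scripts of the letters in a label, read from Unicode character names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def assess(host):
    """Return 'ascii', 'mixed-script', 'lookalike:<site>' or 'idn'."""
    uni = to_unicode(host)
    if uni.isascii():
        return "ascii"
    if any(len(scripts(label)) > 1 for label in uni.split(".")):
        return "mixed-script"
    # Map each lookalike letter to its Latin twin and compare with known sites.
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in uni)
    if skeleton in PROTECTED:
        return "lookalike:" + skeleton
    return "idn"

# Constructed sample: five Cyrillic letters that read as a Latin brand name.
SAMPLE = to_ascii("\u0430\u0440\u0440\u04cf\u0435.com")
```

A label written entirely in one non-Latin script passes the mixed-script check, which is why the skeleton comparison against protected names is needed as a second test.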

Even though browsers have promised that they would try to work on something to protect their users from such scams, many think that domain registrars should look into this problem.

A Chinese InfoSec researcher has said that no matter how careful users are on the internet, they are still vulnerable to these Punycode phishing attacks.

The only web browsers that are not vulnerable are Internet Explorer, Microsoft Edge, Apple Safari, Brave and Vivaldi. But users of Chrome, Firefox and Mozilla are at risk.

How to protect yourself from Punycode Phishing Attack?

While Chrome and Mozilla are developing browser versions that can detect Punycode fraud, you can safeguard yourself against such attacks by a simple method.

Use password managers

Password managers are software that stores your passwords; when you enter a website, the password manager auto-fills your information.

Password managers do not get fooled by Punycode and do not fall prey to scam attacks.

So while your browser doesn’t recognize the malicious website, your password manager doesn’t fill in the details as it doesn’t recognize the website as the one it is supposed to fill in the information for.

PS: Lastpass is my personal favorite!

That way you are safe from your information being stolen.

Those of you who are using Chrome don’t have to worry; you can simply update your browser to Chrome version 58.

This version of Chrome, which has just been released, is not vulnerable to Punycode phishing attacks.

Also, you are advised to always manually enter the address of the website you are looking for in your browser tab.

That way there is less chance of you entering a scam site.

When you don’t do that and choose from a list of options or something, you run the risk of entering a malicious website.

Firefox users

Those of you who are using Firefox will have to do a simple maneuver in order to safeguard yourselves from these attacks.

First, open the browser, then type about:config in the address bar and press the Enter button.

Then enter Punycode in the search bar. The browser will display the setting network.IDN_show_punycode.

When this appears, double-click it, or right-click and select Toggle from the drop-down menu that appears. Change the value from false to true.

Your browser will now be safe and not vulnerable to Punycode phishing. It will cease to process Punycode and can therefore recognize the malicious website.

Opera users do not have any solution to save themselves from the attacks yet; only the browser has issued a patch for this vulnerability.

It’s a stable build that can prevent your browser from phishing attacks. It is part of the beta edition and will soon be launched for general usage.

As you can see, the threats over the internet are getting harder to detect and more complicated every day. Attackers are finding new ways to bypass security systems and create codes to steal information.

The only way to save yourself is to ensure that you always enter the correct domain name and always have a password manager downloaded.

Have some form of internet security installed on your computer or mobile.

1 thought on “What is Punycode Phishing Attack and how to protect yourself?”

  1. Hi Jane,

    We often hear about various kinds of malware attacks on the web. Cyber criminals are curious to steal our data to make money. I hope by using some reliable antivirus apps, we can prevent this attack to some extent.

    I am already using Lastpass which is an awesome tool.

    Thanks a lot for the write up.

    Take care,

