Arguably more security than privacy, but this made me think. I havent considered the use of ambiguous fonts in phishing before. Worth reading.

  • NekuSoul@lemmy.nekusoul.de
    link
    fedilink
    arrow-up
    13
    ·
    edit-2
    18 hours ago

    While this is a very special and interestng use of this attack vector, I do think it often gets too much focus, mostly because it’s ignoring a much bigger problem: The average person doesn’t even know what the legit URL of a website should even be, and that starts with the TLD. Was it .com? Or maybe .org? Maybe some country-TLD or maybe one of the thousands of new TLDs like .world or .finance? If you don’t have a perfect memory of every URL of all the websites you’re using, being able to inspect the exact shape of each letter isn’t going to help you.