Arguably more security than privacy, but this made me think. I havent considered the use of ambiguous fonts in phishing before. Worth reading.
Arguably more security than privacy, but this made me think. I havent considered the use of ambiguous fonts in phishing before. Worth reading.
While this is a very special and interestng use of this attack vector, I do think it often gets too much focus, mostly because it’s ignoring a much bigger problem: The average person doesn’t even know what the legit URL of a website should even be, and that starts with the TLD. Was it .com? Or maybe .org? Maybe some country-TLD or maybe one of the thousands of new TLDs like .world or .finance? If you don’t have a perfect memory of every URL of all the websites you’re using, being able to inspect the exact shape of each letter isn’t going to help you.
TIL I’m not the average web user. Not suprising, since I use Arch (btw), and I’ve done web dev projects. Do average people really just look up the url every time?
My dad used to put “Google” in the omnibar (adressbar), hit enter, then click the first Yahoo search result for google.com, then enter his actual search query into Google.
Remarkable.