Are Unicode Domains Really a Security Risk?

I recently read an interesting piece from Mashable that suggested that ICANN allowing non-Latin (Unicode) domain names is a security risk. The problem is that Unicode characters can be rendered in browsers as Latin characters, which opens a new window of opportunity for phishers.

If the domain “raural.com”, created using Cyrillic script, was registered, Unicode browsers would actually render that domain in Latin as “paypal.com.” In theory, phishers could pass around that link and set up a fake version of the PayPal site to harvest logins and credit card data.

It is impossible to tell the difference visually. It’s pretty scary. At least, I thought it was until I realized two things:

  1. You shouldn’t click links in emails claiming to be from PayPal or your bank anyway. Just don’t. Type the address in manually.
  2. Websites dealing with money, or other things that require a higher level of security, generally have an SSL certificate signed by a reputable third party.

So if you don’t click links in emails and make sure that the SSL certificate checks out, you’ll be safe.

It’s not that big a deal for those of us who have a good general knowledge of computer security, but it is still worrying that phishers are gaining this tool. I’m sure you know plenty of people who could easily fall into this kind of trap.
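For readers who want to check a link rather than trust their eyes, here is a sketch of a lookalike check for the Cyrillic "paypal.com" case described above. It is an added example, not code from the Mashable piece or this post; the `CONFUSABLES` table, the `PROTECTED` watchlist and the function names are assumptions made for illustration.

```python
import unicodedata

# Partial, hand-picked Cyrillic-to-Latin lookalike table (assumption; the
# complete data set is confusables.txt from Unicode UTS #39).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i"}

PROTECTED = {"paypal.com"}  # hypothetical watchlist of names to defend


def scripts(label):
    """Scripts used by the letters of a label, taken from Unicode names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def skeleton(domain):
    """Replace known lookalikes with the Latin letter they resemble."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain.lower())


def check_domain(domain):
    """Return the wire form of a domain and the reasons it looks spoofed."""
    reasons = []
    for label in domain.split("."):
        found = scripts(label)
        if len(found) > 1:
            reasons.append("mixed scripts in label: " + "+".join(sorted(found)))
    skel = skeleton(domain)
    if skel != domain.lower() and skel in PROTECTED:
        reasons.append("renders like " + skel)
    # The idna codec yields the ASCII (xn--) name that DNS and certificates carry.
    return domain.encode("idna").decode("ascii"), reasons


if __name__ == "__main__":
    # Constructed sample: Cyrillic er, a, u, er, a followed by a Latin "l".
    for name in ["\u0440\u0430\u0443\u0440\u0430l.com", "paypal.com"]:
        print(check_domain(name))
```

The first value returned is the `xn--` form of the name, which is what the certificate is issued for, so comparing it against the name you expected is a check that does not depend on how the address bar draws the characters.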