Unicode domain spoofing for Firefox, Chrome, and Opera users

David Bisson wrote:

Attackers can evade a security mechanism and abuse Unicode domains to phish for the login credentials of Chrome, Firefox, and Opera users.

Security researcher Xudong Zheng has developed a proof-of-concept that exploits an issue in some web browsers.

A IDN homograph attack exploits the fact that characters used in a single or multiple writing systems look similar to one another when displayed by web browsers. For instance, a Latin C looks similar to a Cyrillic C, while just in the Latin alphabet alone, two uppercase "i's" look the same as two lowercase "l's". In 2015, a security researcher demonstrated this latter similarity with respect to Lloyds Bank.