Online attackers bent on stealing personal information are using visual deception to trick people into visiting malicious websites.
This Facebook post shows how attackers change the shape of a letter to trick you into visiting a malicious website where they will steal your username, password, and then all the money in your bank account. The two Citibank web addresses in the post appear identical at first glance. A closer look shows that one character – in this case, the letter “a” – is slightly different in each one.
This attack is a form of “spoofing,” when someone poses as a legitimate institution in an attempt to obtain personal information. In this instance, the spoofing example exploits the visual similarities between characters in the Roman and Cyrillic alphabet. Other examples of visual deception attackers have used are replacing a lowercase "L" with a capital "I" in some fonts.