"Phishing attacks using internationalized domains are hard to block"
The latest version of Google Chrome tackles phishing by restricting how domain names made up of non-Latin characters are displayed by the browser as attackers were using a certain technique involving these characters to create highly convincing phishing websites. Internationalized domain names are converted into ASCII-compatible form then displayed with their non-Latin characters to billions of internet users through browsers that support Unicode, allowing users to read domain names in their native language. Though this process facilitates global internet usability, it also raises issues of security as some characters could be substituted for another set of characters from a different alphabet, matching in appearance. This technique can be used to spoof URLs and launch phishing attacks. This article further discusses how browsers perform checks on these types of malicious activity, how this malicious act was discovered and demonstrated, as well as how Google Chrome and other internet browsers are reacting to this issue.
PCWorld reports "Phishing attacks using internationalized domains are hard to block"