Management Assistance Program

When is the letter “a” not the letter “a”?

By Jim Calloway

As you know, many of the biggest threats to your law firm’s data security arrive frequently in your inbox.

We have learned to be cautious about unexpected emails with attachments to open or links to click. One of the most important self-protection techniques is to place your cursor on the link so you can see a preview of where the link will take you. If the target site is different than the displayed link, that is a huge red flag, particularly if the link is to a website hosted in certain countries.

The latest attempt to avoid that simple security process we all understand is that some criminals have used international characters to create a fake domain that looks almost exactly like the real domain. Often the letter A is substituted for a Cyrillic letter A, which as you can see in our graphic, is very hard to differentiate. Google has updated Chrome to attempt to deal with this and no doubt other browsers are following suit. But it is a challenge for everyone. There are other letters that can be similarly faked. So be cautious with your clicks. For more information, see Phishing attacks using internationalized domains are hard to block from NetworkWorld.

Originally posted in Oklahoma Bar Association’s Courts and More, June 28, 2023.