For many of you, not clicking on email links is an obvious choice. You wonderful folks are the ones who follow best practices and use a bookmark or browser search to access information given to you in an email. However, there are braver souls out there who prefer to live on the wild side. They hover over links and then determine whether or not it is safe to click.
The argument I hear is…”I know the URL is correct, I have it memorized”. Here is the problem. Unicode is used to determine what character should be displayed in a field. It incorporates tons of different writing systems from various languages by giving each character of each language a different code. This is done even if they look the same to the naked eye. So an English “a” is considered to be a different character than a Cyrillic “a”, even though they look identical. This allows hackers to create fake websites with domain names that look official right down to the domain name. There is no way to tell by looking at them, which one is legitimate.
The fun doesn’t stop there. Even if our hacker isn’t sophisticated enough to use the Unicode trick, there are several letters on a keyboard that are extremely similar and can be confused for one another. For example, the letters “I” and “l” are two different letters on the keyboard but look almost identical on the screen.
As clever as the hover trick is, if your hacker is using any of these techniques, you will end up with a data breach. To truly make sure you aren’t going somewhere you would rather not, stick with the bookmarks and browser search results. Those will take you to the right website every time.