PayPal Phishing – Homographic Email Body [source: pwncode]

There’s an ongoing PayPal phishing campaign in the wild that sends HTML attachments which spoof PayPal forms and ask users for sensitive information. This campaign was particularly interesting because the email body was encoded with Unicode characters that look similar to the corresponding ASCII characters.

Homographic attacks are usually used to craft URLs that look like legitimate URLs by substituting some of the ASCII characters with their look-alike Unicode characters.

However, in this particular campaign, the entire email body has been crafted using this technique.

Why apply Homographic Technique to Email Body?

Several security analysts and security vendors write static signatures that are crafted to detect patterns in the email body. The homographic technique allows these static signatures to be bypassed easily, because the attackers can mix ASCII and Unicode characters to generate different patterns.

As an example, in the email shown in Figure 1 the body looks like it’s written in English. But if you pay close attention, you will observe that some of the English letters have been substituted with look-alike Cyrillic characters.
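A detection sketch for the substitution described above, added here as an example and not taken from the original post: it flags words that mix Latin and Cyrillic letters and folds known look-alikes back to ASCII before applying a static signature. The confusables map is a small constructed subset, and the signature string and sample text are constructed for illustration.

```python
import re
import unicodedata

# Constructed subset of Cyrillic letters that resemble Latin ones; a real
# deployment would load the full Unicode confusables data instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0455": "s", "\u0410": "A", "\u0415": "E", "\u041e": "O",
    "\u0420": "P", "\u0421": "C",
}

def script_of(ch):
    """First word of the Unicode name ('LATIN', 'CYRILLIC'), None for non-letters."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def mixed_script_words(text):
    """Return (word, scripts) for every word whose letters span several scripts."""
    hits = []
    for word in re.findall(r"\w+", text):
        scripts = {script_of(c) for c in word} - {None}
        if len(scripts) > 1:
            hits.append((word, sorted(scripts)))
    return hits

def fold(text):
    """Replace known look-alikes with their ASCII counterparts."""
    return "".join(CONFUSABLES.get(c, c) for c in text)

def signature_hit(text, normalize=True, pattern=r"verify your paypal account"):
    """Static-signature match, optionally after folding look-alikes."""
    if normalize:
        text = fold(text)
    return re.search(pattern, text, re.IGNORECASE) is not None

# Constructed sample: Cyrillic e, o, P and c replace the Latin letters.
SAMPLE = "Please v\u0435rify y\u043eur \u0420ayPal a\u0441\u0441ount"

if __name__ == "__main__":
    print("raw signature match:   ", signature_hit(SAMPLE, normalize=False))
    print("folded signature match:", signature_hit(SAMPLE))
    for word, scripts in mixed_script_words(SAMPLE):
        print(f"mixed-script word {word!r}: {scripts}")
```

The mixed-script check does not depend on the map, so it still flags substitutions the map does not cover, while text written entirely in one script is left alone.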
