Beware behind the look: Cyrillic Characters in Phishing Emails

Phishing emails are a constant threat, and cybercriminals are always devising new tricks to steal your personal information.

One tactic gaining traction is the use of Cyrillic characters to create deceptive domain names in email addresses and website links.

What are Cyrillic Characters?

Cyrillic is an alphabet used in many Eastern European and Slavic languages like Russian, Ukrainian, and Bulgarian.

While some Cyrillic letters resemble Latin characters, they represent entirely different sounds.

This similarity is what phishers exploit.

How Do They Trick You?

Phishers substitute certain Cyrillic characters for their Latin counterparts in domain names. For example, I can create a lookalike of my blog's domain using a Russian letter.

Unaware users might not notice the subtle difference and click on the link, leading them to a fake website designed to steal login credentials, credit card details, or other sensitive information.

A Real Example

In the screenshot below, we see a message supposedly sent from the domain It looks really legitimate.

However, the logo looks cut off and the email design is unusual.

The fact is that the domain we saw above was not legitimate, because the characters are in fact the Cyrillic letters instead of real “р”!

Some browsers and email clients don't have a way to properly display these characters, so they might look exactly like Latin letters.

Only after you paste this domain into an application that supports this alphabet can you see the differences.

There are glyphs that look like English or Latin characters, for example:

How to Protect Yourself

Here are some tips to stay safe from Cyrillic character phishing:

  • Inspect Sender Addresses Closely: Don't rely solely on the displayed name. Hover over the sender address to see the actual email address. Look for any inconsistencies or unusual characters, especially Cyrillic letters where Latin characters would be expected.

  • Scrutinize Website Links: Before clicking a link, hover over it to see the actual URL displayed at the bottom of your browser window. Be wary of any URLs with Cyrillic characters or slight misspellings of legitimate website names.

  • Think Before You Click: If an email seems suspicious, especially one with an urgent tone or a tempting offer, don't click on any links or attachments. It's better to be safe than sorry.

  • Verify Information Independently: If an email appears to be from a legitimate source like your bank, don't click on any links within the email. Instead, log in to your account directly by typing the website address into your browser window or using the official app.

  • Use Security Software: Consider using antivirus and anti-phishing software that can help identify and block malicious websites.
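The first two tips can also be checked by a script. The following is an added example, not code from the original article: it flags a sender or link domain whose labels mix scripts, or whose lookalike-folded form matches a domain you trust. The function names, the `.example` domains and the allowlist are constructed for illustration, and `CONFUSABLES` is only a small subset of known lookalike letters.

```python
import unicodedata

# Small constructed subset of Cyrillic letters that render like Latin ones.
# Unicode's confusables data (UTS #39) is the full source; this is not complete.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j",
}

def script_of(ch):
    """Coarse script name for one character, taken from its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"   # digits and hyphen
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]  # e.g. "CYRILLIC"

def skeleton(domain):
    """Fold known lookalikes to Latin so visually equal names compare equal."""
    return "".join(CONFUSABLES.get(c, c) for c in domain.lower())

def to_ascii(domain):
    """ASCII (punycode) form of the name, which exposes any non-ASCII label."""
    out = []
    for label in domain.lower().split("."):
        out.append(label if label.isascii()
                   else "xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)

def check_domain(domain, trusted):
    """Return the reasons a sender or link domain deserves a closer look."""
    domain = domain.lower().rstrip(".")
    reasons = []
    for label in domain.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            reasons.append(f"label '{label}' mixes scripts: {sorted(scripts)}")
    if domain not in trusted and skeleton(domain) in trusted:
        reasons.append(f"looks like trusted '{skeleton(domain)}' "
                       f"but is really '{to_ascii(domain)}'")
    return reasons

def sender_domain(address):
    """Domain part of an e-mail address such as 'Support <a@b.example>'."""
    return address.rsplit("@", 1)[-1].strip(" >")

if __name__ == "__main__":
    TRUSTED = {"mybank.example"}   # constructed allowlist of domains you expect
    for sender in ("Support <help@myb\u0430nk.example>", "help@mybank.example"):
        print(sender_domain(sender), check_domain(sender_domain(sender), TRUSTED))
```

A domain written entirely in Cyrillic is not flagged by the mixed-script test alone, which is why the comparison against trusted names is needed; legitimate Cyrillic domains that resemble nothing on the allowlist pass both checks.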

Stay Vigilant!

By being aware of this tactic and following these simple tips, you can significantly reduce your risk of falling victim to Cyrillic character phishing scams.

Remember, cybercriminals are constantly evolving their methods, so staying vigilant and practicing good security habits is crucial in protecting your information.
