With homoglyph attacks, hackers exploit the visual similarity between characters from different scripts to register phony domains that fool users and lure them into visiting fake sites. For example, they’ll often replace the Latin small letter “o” with Cyrillic symbols. To take advantage of Facebook’s popularity, they might use facebοοk.com instead of facebook.com. It’s virtually impossible to spot the difference by eye; to know for sure, you can use Ctrl + F and search for two o’s, which will not match the lookalike characters.
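One way to check a domain for the character substitution described above, as an added example that is not part of the original article: it flags any label that mixes scripts and shows the ASCII (Punycode) form that DNS actually resolves. The function names and sample domains are constructed for illustration, and the script lookup is a heuristic based on Unicode character names.

```python
import unicodedata

def char_script(ch):
    """Heuristic script guess: first word of the Unicode character name
    (LATIN, CYRILLIC, GREEK, ...). ASCII digits and '-' count as COMMON."""
    if ch in "0123456789-":
        return "COMMON"
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"

def inspect_domain(domain):
    """Report labels that mix scripts, plus the ASCII form of the domain.
    A label written entirely in one non-Latin script is NOT flagged here;
    catching those requires a confusables table, which this sketch omits."""
    findings = []
    for label in domain.split("."):
        scripts = {char_script(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            findings.append({
                "label": label,
                "scripts": sorted(scripts),
                # List each non-ASCII character with its code point and name.
                "non_ascii": [(f"U+{ord(c):04X}", unicodedata.name(c, "?"))
                              for c in label if ord(c) > 127],
            })
    return {
        "domain": domain,
        # Python's built-in codec (IDNA 2003); lookalike labels become xn--...
        "ascii_form": domain.encode("idna").decode("ascii"),
        "mixed_script_labels": findings,
        "suspicious": bool(findings),
    }

if __name__ == "__main__":
    # Constructed samples: plain ASCII, Cyrillic "o" (U+043E), Greek omicron (U+03BF).
    samples = ["facebook.com", "faceb\u043e\u043ek.com", "faceb\u03bf\u03bfk.com"]
    for name in samples:
        result = inspect_domain(name)
        print(result["ascii_form"], result["suspicious"])
        for hit in result["mixed_script_labels"]:
            print("   mixed scripts:", hit["scripts"], hit["non_ascii"])
```

Mail gateways and proxies can run the same kind of check on link targets, and the `xn--` prefix in the ASCII form is itself a useful signal when a brand's real domain is plain ASCII.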
– To create urgency, hackers impose an artificial time constraint, demanding that the user complete an action within a specified period of time. For example, you might receive an email saying “your account has been locked, so please reset your account within 24 hours.” This technique is used to instill fear in users, which is why they often fall for it.
– Emails coming from someone with authority. Hackers will disguise themselves as someone they know has power over their target; for example, they’ll pretend to be the user’s boss, instructing them to complete some type of financial transaction. Or they’ll pose as Facebook’s Security team. To avoid falling victim to this technique, employees can try to confirm the request with their boss in person or via phone before taking any next steps.