Google said Tuesday it’s sorted out an issue that arose after it rolled out a change last week which enabled Gmail to recognize email addresses that contain accented or non-Latin characters.
Soon after the feature was introduced, it became apparent that nefarious types had cottoned on to the fact that it was possible to dupe users into thinking they were receiving mail from a genuine company or user when actually it was coming from a scammer or spammer.
How did it work? Mark Risher of Google’s spam and abuse team explained in a post on the Web firm’s security blog:
“Scammers can exploit the fact that ဝ, ૦, and ο look nearly identical to the letter o, and by mixing and matching them, they can hoodwink unsuspecting victims. Can you imagine the risk of clicking ‘ShဝppingSite’ vs. ‘ShoppingSite’ or ‘MyBank’ vs. ‘MyBɑnk’?”
Risher said the Unicode community has worked to identify dodgy-looking combinations of letters that could be misleading, enabling Gmail's spam filters to now reject email deemed suspicious.
“We’re rolling out the changes today, and hope that others across the industry will follow suit,” Risher wrote in the post. “Together, we can help ensure that international domains continue to flourish, allowing both users and businesses to have a tête-à-tête in the language of their choosing.”
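To make the kind of check Risher describes concrete, here is an added example (not Google's filter, and not code from the original post) that flags names mixing scripts or imitating a protected name. It assumes a hypothetical `PROTECTED` list, a four-entry look-alike table covering only the characters quoted above, and a script guess taken from the first word of each character's Unicode name.

```python
import unicodedata

# Illustrative subset: only the four look-alikes quoted in the article.
# A real filter would use the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u101d": "o",  # MYANMAR LETTER WA
    "\u0ae6": "o",  # GUJARATI DIGIT ZERO
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0251": "a",  # LATIN SMALL LETTER ALPHA
}

# Hypothetical names to protect, taken from the article's examples.
PROTECTED = {"shoppingsite", "mybank"}


def scripts(text):
    """Approximate the scripts used by the letters and digits in text."""
    found = set()
    for ch in text:
        if ch.isascii():
            if ch.isalpha():
                found.add("LATIN")
            continue  # ASCII digits and punctuation are shared by all scripts
        if unicodedata.category(ch)[0] in "LN":
            # Assumption: the first word of the Unicode name stands in for the
            # script property, which the standard library does not expose.
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def skeleton(text):
    """Fold known look-alikes to ASCII, strip accents, and lowercase."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    decomposed = unicodedata.normalize("NFKD", folded)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).casefold()


def classify(name):
    """Return 'accept' or a 'reject: ...' reason for a display or domain name."""
    found = scripts(name)
    if len(found) > 1:
        return "reject: mixed scripts " + ", ".join(sorted(found))
    skel = skeleton(name)
    if skel in PROTECTED and name.casefold() not in PROTECTED:
        return "reject: look-alike of " + skel
    return "accept"
```

The ɑ in ‘MyBɑnk’ is itself a Latin-script character, so a mixed-script test alone passes it; the look-alike comparison is what catches it.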