Google said Tuesday it’s sorted out an issue that arose after it rolled out a change last week which enabled Gmail to recognize email addresses that contain accented or non-Latin characters.
Soon after the feature was introduced, it became apparent that nefarious types had cottoned on to the fact that it was possible to dupe users into thinking they were receiving mail from a genuine company or user when actually it was coming from a scammer or spammer.
How did it work? Mark Risher of Google’s spam and abuse team explained in a post on the Web firm’s security blog:
“Scammers can exploit the fact that ဝ, ૦, and ο look nearly identical to the letter o, and by mixing and matching them, they can hoodwink unsuspecting victims. Can you imagine the risk of clicking ‘ShဝppingSite’ vs. ‘ShoppingSite’ or ‘MyBank’ vs. ‘MyBɑnk’?”
Risher said the Unicode community has worked to identify dodgy-looking combinations of letters that could be misleading, enabling Gmail to now reject email deemed suspicious via its spam filters.
“We’re rolling out the changes today, and hope that others across the industry will follow suit,” Risher wrote in the post. “Together, we can help ensure that international domains continue to flourish, allowing both users and businesses to have a tête-à-tête in the language of their choosing.”
- Google Assistant adds smart home bells and whistles in time for the holidays
- Google strips the color from its redesigned apps, but a little goes a long way
- Mozilla’s built-in price-tracking extension makes it easy to shop with Firefox
- Chromebooks will finally get the tablet mode they always needed
- Security platform Abode has produced a new smart home automation engine