Beware Fake URLs with Cyrillic Letters and Malicious QR Codes

Online scammers are constantly evolving their attack methods to try and catch potential victims out. Two tactics that are being increasingly reported are the use of Cyrillic letters, and malicious QR codes.

What are Cyrillic letters?

Cyrillic letters are characters used in the Cyrillic script, a writing system for many languages in Eurasia. Each Cyrillic alphabetic character has a pair consisting of an uppercase letter and a lowercase letter. There are 33 letters in the Russian Cyrillic alphabet, of which 10 are vowel letters, 21 are consonant letters, and two are signs. Many of the letters look very similar to those of Latin alphabets, like A, E, K, M, O, and T – something scammers can take advantage of.

Computers are now able to support Cyrillic alphabets and their letters can be subtly inserted alongside Latin letters. So legitimate URLs to reputable sites, such as those belongings to banks, educational institutions, and much more, can be duplicated with one or two letters changed to Cyrillic. By clicking on the scam link, individuals will be directed to a site created by scammers, who will attempt to dupe them out of their valuable information, or money.

How are QR codes dangerous?

QR codes are increasingly being used within phishing emails instead of the more traditional URL links. Email recipients will be asked to scan the QR code with their phone – perhaps under the pretence of asking them to ‘authenticate themselves’, and will then be directed to a malicious site.

What can you do to protect yourself?

Check URL links carefully, especially when you receive an email or a text with the link, rather than going through a search engine. Do any of the letters look wrong upon closer inspection? Don’t scan QR codes in emails unless you have authenticated the source first. If the email purports to have come from your bank or an organisation you are affiliated with, contact them directly to check it came from them.

Link-shortening services such as Bitly are very popular but they hide the true destination for the link. You can use link-expansion services such as CheckShortURL to reveal where the link will take you, before you click. Just copy and paste or transcribe the link into the checker.

Read another Insight

Recent high profile data breaches have leaked email addresses and passwords.

There has been a recent increase in cyber attacks targeting councils across the UK.

Due to the success of our first wave of recruitment we are now looking to take on more enthusiastic volunteers to support our work in the Regional Cyber Crime Unit.