Messages combining different character sets are marked as spam

Aug 13, 2014 09:25 GMT

Scammers can mislead users with harmful messages that mix in look-alike non-Latin characters, but Google announced that its Gmail anti-spam filters are ready for the new challenge.

Non-Latin characters were not supported in Google’s email service until last week, and with that support came the need for special precautions to prevent abuse.

Text that appears legitimate but swaps in non-Latin characters resembling the originals is highly exploitable by scammers. The trick is used mostly in spam and phishing: users are deceived into believing they are accessing the services of one entity, when in fact they are steered towards a malicious location.

Mark Risher from Google’s spam and abuse team provides some examples in a blog post, showing how different characters are similar and can be used for deceiving unsuspecting users.

“MyBank” and “MyBɑnk” look very much alike, and unless users pay sufficient attention, they could easily fall into the trap of a spammer.

Spammers have employed this cunning practice, sending out messages in which Cyrillic, Greek and even IPA symbols replace Latin characters. This trick would be enough to evade spam detection engines.

Back in April, security researchers from Kaspersky discovered a campaign relying on this sort of deceit to target users in Italy, who received fake emails purporting to be from various legitimate entities.

In this context, the method chosen by Google to protect its users from fraudulent email is to detect messages that combine different character sets and prevent them from reaching the user’s inbox.

The reason for this is that there is little legitimate use of such domains and cybercriminals are more likely to abuse the model.
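A simplified version of the check described above, as an added example that is not Gmail's filter or code from the original article: it flags words that combine character sets. The function names, the name-prefix heuristic and the sample subjects are assumptions made for illustration.

```python
import re
import unicodedata

# Unicode "IPA Extensions" block. Its letters carry names such as
# "LATIN SMALL LETTER ALPHA", so a name-based check alone would call them Latin.
IPA_BLOCK = range(0x0250, 0x02B0)

def charset_of(ch):
    """Return a coarse character-set label for a letter, or None for non-letters."""
    if not ch.isalpha():
        return None
    if ord(ch) in IPA_BLOCK:
        return "IPA"
    # Heuristic (assumption): the first word of the Unicode character name
    # identifies the alphabet, e.g. "CYRILLIC SMALL LETTER A" -> "CYRILLIC".
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def mixed_words(text):
    """Map each word that combines character sets to the sorted sets it uses."""
    flagged = {}
    for word in re.findall(r"\w+", text):
        sets = {charset_of(c) for c in word} - {None}
        if len(sets) > 1:
            flagged[word] = sorted(sets)
    return flagged

def is_suspicious(text):
    """True when at least one word in the text mixes character sets."""
    return bool(mixed_words(text))

# Constructed sample subject lines (not taken from real mail).
SAMPLES = [
    "MyBank account notice",                        # all Latin
    "MyB\u0251nk account notice",                   # IPA alpha replaces "a"
    "P\u0430yment due",                             # Cyrillic a replaces "a"
    "\u0392ank of \u0395xample",                    # Greek capitals Beta, Epsilon
    "\u041f\u0440\u0438\u0432\u0435\u0442 from Moscow",  # two alphabets, uniform words
]

if __name__ == "__main__":
    for subject in SAMPLES:
        print(ascii(subject), mixed_words(subject))
```

Legitimate mixed-script writing, such as Japanese kana combined with kanji, would also be flagged by this heuristic, so a production filter needs an allow-list of accepted combinations.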

In its fight against spam, Gmail does not accept “whitelisting” requests from bulk senders. As such, there is a chance that legitimate email may reach the spam box, because not all legitimate messages can bypass its anti-spam filters.

However, users have the possibility to mark any email as “not spam” so that the problem is corrected and messages erroneously flagged as spam are delivered to the inbox.

At the moment, not all email providers on the market have taken measures to globalize their services by adding support for non-Latin characters.

Implementing this feature and protecting customers against spam or phishing may be pretty difficult to handle.

Some antivirus products have long incorporated support for detecting spam in non-Latin characters, but with Gmail now incorporating this functionality, users have another layer of protection against unsolicited emails.