Unicode is great because it supports multiple languages simultaneously, bringing international understanding, universal peace, and planetary love. And so is ICANN's decision to allow domain names that use non-Latin alphabets. Until both combine to steal your credit card numbers.

Or your login name, passwords, address, or whatever other data a phishing site can get from you.

Until now, there was an easy way to test if a site was legit or not: You just look at the browser URL. If it's not paypal.com or amazon.com or whatever.com, then it's not those companies' web sites, no matter how well they clone their layout and graphics.


The problem will come in 2010. That's when sites' URLs would start popping in non-Latin alphabets like Cyrillic. And that's when there will be cases of mistaken identity: Just check the image above, in which the russian word "raural" becomes "paypal." According to trademark expert Charlie Abrahams, of MarkMonitor:

The risk for general brand abuse is going to increase exponentially. It's difficult enough in English. At present, most e-mail phishing does not use anything that resembles the real site name. We could see the level of sophistication in phishing attacks increased by the use of foreign languages.

Can you see what this is going to be bring? Yes, unless someone comes up with rules soon, this will bring a big bag full of hurt. [The Times via Masable]


Note: To those readers who said there's no "l" in the Cyrillic alphabet, you are right, there's no "l" in traditional Cyrillic, but there is in the extended Cyrillic supported by Unicode.