Until recently, it was strongly recommended that web users check the addresses and the green “https:” characters in the URL boxes of their web browsers when visiting sites where they would be submitting private information such as IDs and passwords.
It was stated that a green “https:” with a correct web address would indicate that your access to the site was secure and trustworthy. Unfortunately, this is not so anymore!
A fraud technique has recently been uncovered, in which a green “https:” with a faked address that looks exactly like the intended correct address may be displayed.
You can see a detailed description and a proof of concept demonstration at http://thehackernews.com /2017/04/unicode-Punycodephishing-attack.html?m=1.
Apparently many popular web browsers fail to detect the fraud, and it is almost impossible for the user not to fall into a phishing trap. The easiest way to avoid a fake site created using this technique is to never click a link to a critical site like your bank’s site, a web-based mail service, etc., where you will be entering your ID and password. We recommend that you type the address into the URL box of your browser every time you visit such a site – at least until you are sure that your browser has been updated.
We would like to take this opportunity to remind you that BCC will never ask you to submit your password. Any e-mail that mentions a service that will be terminated unless you send your ID and password is a fraud and has been sent for the purpose of stealing your password.