@Tutanota

But how to remember to look out for that?

@Tutanota I've had to warn some elderly friends of similar phishing scams. Usually pretending to be a verified company. Nice share. 👏

@Tutanota Unicode domain names are probably the worst idea for cybersecurity since the flash drive autorun in earlier Windows versions. They probably wanted to be "multicultural" and "non-Western-centric" but ended up with a heaven for scammers with marginal legitimate usage. In principle, any browser and email program should show A BIG RED WARNING in presence of that in URL...

@Tutanota
Hackers use lookalike domains to trick you into clicking fake links.

Troubling, the second url looks completely normal to people like me and a few million other persons who are English native speakers and writers

Citibank users might want to block the second domain in UBlock or if running Linux in etc/hosts

And use 2 factor Authorization for Banking.
Payment systems like PP and Sites like E Bay Amazon

NEVER USE AUTO FILL FOR PASSWORDS. Or save form data in the browser

@Tutanota sneaky! I'm not sure I'd see it if they weren't side by side.

@Tutanota

That “a” is not just for Cyrillic but on many other FONTS of other programs too.

@nyovaya
@Tutanota the domain RFC doesn't really enforce a specific encoding. So the society adopted a limited subset of ASCII. But there's also a Punycode RFC which allows any UTF character:

https://en.wikipedia.org/wiki/Punycode

@Tutanota That's why I type banks url.

@Tutanota Always visit your important webpages like banking and e-mail services through links obtained through reputable search engines and is best to have them bookmarked afterwards. If you get e-mail about your Citibank, visit the website from your bookmark, not from the received e-mail. If there is something important, it will be on actual Citibank webpage. If not, then it's not that important.

@Tutanota

@Tutanota That, indeed, is a though one