Extremely comprehensive guide. I did know of these phishing websites before but didn't know the exact method that scammers seem to do this by.

I think that browsers should definitely show these codes by default, or at least have better algorithms that detect when the user is visiting a fraudulent site. Of course it is impossible to keep up with these phishers 100% all the time, but it should at least get periodically updated (this sort of scam has been around for a while now).

The majority of these phishing sites come from google ads as far as I know. You should never click on any of them. Even top search results can sometimes contain these sites if the site is relatively new. As others would have probably suggested, even though bookmarks may seem like a hassle, they are definitely worth it.

Thank you very much Lafu!!!

This is a real achievement for me, so I will remember this first post as a Legendary member and those 3 merits which made it possible for a very long time, probably forever  .

After so many years, I finally got to the most famous Legendary club, it's a little hard to believe, that it is right now and on the other hand it lasted for so long.

Mission accomplished 

Exactly, I was wondering about the exact same thing which is why the hell browsers just don't implement something which will show the real URL, message in a popup or something else which will be really helpful and easy to use and understand. Despite everything as for now, there is no solution provided from browsers creators and all I found was a couple of addons and already written about this a couple of posts above.


This is, of course, true what you have written but outside Google Ads are also plenty of them. I have Ad blockers installed (uBlock Origin) and still already was a couple of times on such phishing websites that use Punycode and Homograph Phishing attacks to steal your passwords and only thanks to my password manager I haven't shared it.

I think we have to prepare for even the worst situation in the future because phishing websites count is growing with insane speeds. Today I have read a great post about this subject in this thread: Re: Half of all Phishing Sites Now Have the Padlock Sign

Wandera - the world's largest provider of cloud security for remote workers, just published its Cloud Security Report for September 2020.

In which they refocus on phishing, looking at the length of phishing URLs compared to safe URLs, but nor only.

Researches from Wandera found that the length of a URL can be a telltale sign of a phishing attack.


Wandera researches warn that spotting suspicious links could be very problematic on smartphones and tablets because modern browsers truncate URLs for a sleeker design.


I encourage everyone to read about Punycode and Phishing attacks, in this report are many interesting pieces of information, like the days of the week in which people visit phishing sites the most.


Here link to the full report: https://www.wandera.com/cloud-security-report-september-2020/

Thank you @Adamvp for your kind words.

I created this thread because I was almost hacked using Punycode attack, thanks to Metamsk and password manager I was able to spot this on time but to be honest, I already started to write a password manually (few first ciphers) when I stopped because something filled wrong about this login.

I was logged in earlier and normally my password and username are automatically filled when I am on the correct website and here it wasn't, despite I was logged in a few minutes earlier and only closed the tab. Additionally on the correct website, when I start to type email or password the login details came up automatically thanks to the password manager, and here it wasn't. Second-time Metamask warned me that I am on a phishing website and didn't let me proceed further.

So, I started to dig this Punycode topic and found that we are almost defenseless because these pishing URLs are exactly the same or almost identical to the original.

I think, I am quite paranoid about privacy and malicious threats and if I was so easily almost hacked I can imagine that many people are vulnerable every day even without knowing it.
So if this thread helps somebody to defend himself or at least to be aware of the danger, then I am ok with that and think that the job is done .

No, not exactly, I had it saved in my password manager, and every time I start to type he show the right option right away and here it was empty.

Still, I didn't realize and started to manually provide the password, luckily I don't know it and I wasn't able to figure it out, luckily I recognized something is wrong
and haven't provided any valuable info to the hackers.

It's really tricky and to be honest, we should check all URLs we are not fully sure of.

I agree but despite everything and that I had one, still, I started to manually log in when there was no response from the password manager.

As I said, I was lucky to recognize something is wrong but can assume that many people can't and login every day on phishing sites.

Thanks to this event, this thread came to existence, I hope that at least a few members more are aware of this threat thanks to my writings.

Don't know to be honest but I fully agree with you that Punycode is the biggest threat for normal internet user today when it comes to browsing the web and using URLs.

Despite many tools I have found and even reviewed in this thread, still I haven't found even one which will be easy to use and widely distributed like an extension or something.

This is for my very surprising that nobody created something like this because taking in consideration the scale of danger, even paid version could be easily a big success

And now shout out to the community, if anybody have seen or uses any tool that helps with Punycode and Homographs, please share!

Thank you very much for your input @Oeleo. It would be great if you can show how it's look like by default in Google browser?

Is there any message shown that this is Punycode, don't understand quite correctly because don't use it from quite some time,

Still, I use Brave which is also build on Chromium and haven't noticed anything to be honest.

I will soon make an tutorial with screens how to set up this on Firefox for less experienced members but would be great to show also some Google examples.

Please explain more exactly how it works on Google now? Does it mean they don't show URLs translated to ASCII only original once?