About:Config setting that unmasks the true identity of the sender of an e-mail
Some e-mail scammers from Eastern Europe in particular will mask their sending e-mail address using a standard western codepage. The scam may make the e-mail look like it came from Amazon or your local bank when in fact it originated somewhere in Europe or Russia showing the roll-over e-mail address in Cyrillic. The About:Config toggle setting would cause the true e-mail address to be displayed.
被選擇的解決方法
jreisellc said
You're on the right track and your answer does ring a bell. I used this once before. However, it appears that Mozilla has removed the network.IDN_show_punycode toggle.
Try searching this way:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
(2) In the search box above the list, type or paste puny and pause while the list is filtered
(3) Double-click the network.IDN_show_punycode preference to switch the value from false to true
從原來的回覆中察看解決方案 👍 1所有回覆 (5)
Hmm, I think I understand what you're saying. Some Cyrillic letters may look just like "Roman" letters, so the email domain name will appear indistinguishable, like the Apple example in this article:
https://www.xudongz.com/blog/2017/idn-phishing/
The preference mentioned there is network.IDN_show_punycode but I don't know whether that affects email addresses.
Edit: As noted in the next reply, I don't think it affects content in web pages.
由 jscher2000 - Support Volunteer 於 修改
Sorry, I'm pretty sure that setting is for Firefox's address bar, so it wouldn't affect data displayed by a site in a web page. I think you would need an add-on to modify data in a web page.
You're on the right track and your answer does ring a bell. I used this once before. However, it appears that Mozilla has removed the network.IDN_show_punycode toggle.
To ensure clarity: a phisher would send an email with all proper western characters. However with the punycode toggled to yes and you mouse over the email address true email address is displayed often times it is in cyrillic codepage.
It is not only for the location/address bar, but works in other cases like a link on a web page if you hover this link and check the pop-up at the bottom of the window.
It works for normal links on a web page, but not for mailto links and other link types. Do not click these links, but only hover them with the mouse.
www.xn--v-tka.com www.vĸ.com mailto:xxx@vĸ.com
Setting the encoding on the page to Western might also reveal Cyrillic Unicode characters.
You can possibly use a bookmarklet like this to convert a text link to a real link and hover the resulting link (you may have to add an http:// prefix and .com postfix).
- data:text/html,%3Ca%20href="%s"%3E%26lt;%S%26gt;%3C/a%3E
選擇的解決方法
jreisellc said
You're on the right track and your answer does ring a bell. I used this once before. However, it appears that Mozilla has removed the network.IDN_show_punycode toggle.
Try searching this way:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
(2) In the search box above the list, type or paste puny and pause while the list is filtered
(3) Double-click the network.IDN_show_punycode preference to switch the value from false to true