
Show HN: How good are you at spotting lookalike domains? - jamieweb
https://www.jamieweb.net/apps/lookalike-domains-test/
======
awillen
The problem with this is that when you do it, you're actively looking for
lookalike domains. The challenge is when an email or link otherwise seems very
legitimate, so you have your guard down.

~~~
kmlx
yes. very much this! it's harder to spot a fake domain when subdomains and
browser shenanigans are involved when writing an email for example than when a
game called "spot the fake" is played.

------
Apocryphon
Could use a countdown clock. This isn’t so challenging if you tahs your time
with it.

------
zamadatix
Anyone else having this issue with the display
[https://i.imgur.com/Bk2Gzee.png](https://i.imgur.com/Bk2Gzee.png)

Edit: figured it out, it seems the font size is based off of the Window size
(which doesn't make any sense) and scales faster than the box scales. Works
best if you make your browser window phone width.

------
Bilters
I was expecting this to be harder as well. With swapped unicode letters. Maybe
you should make them different levels, 1 = easy like you had, 2 = with upside
down letters, 3 = greek letter replacement (unicode swapping)

------
zzo38computer
Fortunately I know the form of a URL (anyone who uses them ought to know, and
if you don't know, then you must learn), and I use a fixed pitch font on the
status bar and location bar. I also fixed it to display only ASCII characters
in the location bar, so that homoglyph attacks are also avoided.

~~~
maxfan8
Most modern browsers are designed to prevent IDN homoglyph attacks by using
Punycode:
[https://en.wikipedia.org/wiki/Punycode](https://en.wikipedia.org/wiki/Punycode)

This shouldn't be much of a concern these days.

~~~
zzo38computer
In the domain name, yes it uses Punycode, and I have configured it to display
the ASCII domain name rather than the Unicode characters; this is an option in
the browser. However, there is also the file name, which there seems no option
to configure, so I used userChrome.js to change it so that it always displays
ASCII for the entire URL and not only the domain name.

------
trumbitta2
darn paypal.corn XD

------
omani
netflix got me.

