WTF?*

OSINT Essentials
2 min read · Sep 4, 2019


* What’s that font?

On September 3, “Uncertified Ethical Hacker” Inti De Ceukelaire posted a Twitter thread drawing attention to a widely used tactic that still elicits shocked expressions every time you demonstrate it:

As Inti pointed out, this trick is pulled off by substituting a lowercase “L” with an uppercase “i” (I’ve reversed it here for the sake of being clear on what the letters actually are).

As well as the points mentioned, it’s also worth pointing out that the fakery is helped by internet services defaulting to sans serif fonts — for the typographically challenged, those are fonts without the little stylistic “tails”.

Here’s an example I regularly use in training workshops. Only one of the four is a correct rendition of the US president’s Twitter handle — something that becomes clear when I copy and paste them below, and then change the typeface to Times New Roman, a serif font.

The tactic can be used not only for social media usernames, but also for URLs. Clicking on this link:

Picture of a link that appears to read google.com
Go on, try it — click here on googIe.com

is not going to help you find what you’re looking for…

Unless that happens to be real estate in North Carolina:

Screenshot of the home page of googie.com, a website for a real estate company

The trick can be used in URLs to impersonate popular websites, or to spoof links that are included in phishing emails.

So be wary. If in any doubt, type out the URL yourself, instead of clicking on it.
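For anyone who wants to automate that check, here is a small Python sketch. It is an added example, not something from Inti's thread or the original post. It compares what link text reads as in a sans serif font with the hostname that is actually looked up. The `TRUSTED` list and the extra lookalikes "1" and "|" are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; use your own list of trusted domains.
TRUSTED = {"google.com", "twitter.com"}

# Characters that can pass for a lowercase "l" in many sans serif fonts.
# "I" is the swap the post describes; "1" and "|" are added here as assumptions.
LOOKS_LIKE_L = str.maketrans({"I": "l", "1": "l", "|": "l"})


def displayed_host(text):
    """Return the host exactly as written (case preserved) from a URL or bare host."""
    if "//" not in text:
        text = "//" + text
    netloc = urlsplit(text).netloc
    return netloc.rpartition("@")[2].partition(":")[0]


def visual_form(host):
    """Approximate what a reader sees: fold l-lookalikes, then ignore case."""
    return host.translate(LOOKS_LIKE_L).lower()


# Map each trusted domain's visual form back to the domain itself.
TRUSTED_BY_LOOK = {visual_form(d): d for d in TRUSTED}


def check_link(text):
    """Classify link text as 'trusted', 'lookalike' or 'unknown'.

    Returns (verdict, resolves_to, reads_as). Hostnames are case-insensitive,
    so the name actually looked up is the lowercased host.
    """
    host = displayed_host(text)
    resolves_to = host.lower()
    if resolves_to in TRUSTED:
        return ("trusted", resolves_to, resolves_to)
    reads_as = TRUSTED_BY_LOOK.get(visual_form(host))
    if reads_as is not None:
        return ("lookalike", resolves_to, reads_as)
    return ("unknown", resolves_to, None)


if __name__ == "__main__":
    for sample in ["googIe.com", "https://Google.com/", "goog1e.com", "example.org"]:
        print(sample, "->", check_link(sample))
```

A "lookalike" verdict means the text reads as a trusted domain but resolves somewhere else, which is exactly the googIe.com case above.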
