Using Characters to Detect Chinese Phishing Threats in Taiwan

Image by ShiiftyShift

OK, I swear I didn’t click anything… but had to sit through a cyber security lecture on phishing at work. The most interesting part of the largely common-sense lecture though was how you can spot social engineering emails through the accidental use of irregular hybrids of simplified and traditional characters and terms more commonly used in China and not in common use in Taiwan.

In the video they say some of these hybrids are “simplified characters” but many of them attempt to disguise themselves as traditional characters unsuccessfully.

I thought I’d point out some of the examples used below:

「大家可以登入健康信息統計系統提交……」

So in Taiwan you rarely here the term 「信息」 at all, and even less in the context of personal health data, whereas 「健康資料」or 「健康資訊」 are much more common. The term「健康訊息」 is also common but refers more to information about health, rather than one’ s own health data. One way to check this is to Google the terms in quote marks and check out the sources of the web pages and the context in which the terms are used.

“健康信息” returns mostly articles from Chinese media, like Xinhua and the People’s Daily in a context very similar to that used in the Phishing email:

Whereas with “健康資料” the first results you’ll see are from Taiwanese government’s health app and Taiwanese universities. The first one is also a 系統 like we saw in the Phishing email:

Continue reading