The domain http://sɑlesforce.com is available for threat actors to purchase right now. How is this possible? I mean, if it’s taken why is it available?

Experts tells us to “check the URL” as part of their anti-phishing awareness training. So, check the URL and tell me why you think it’s possible to register salesforce.com 🤓

The point of this exercise is to demonstrate that organizations and consumers are being trained in such a way that they end up with a false sense of security. You can’t always tell if a URL is real or fake by just looking at it.

And we now know that 93% of phishing sites start with HTTPS while 40% of malware sites start with HTTPS. So, if you can’t rely on the padlock or the URL, what are we going to do?