These domains look a lot like banks’ official domains.
Krebs on Security today published a story about how a financial cybercrime group is using Punycode domains to trick internet users into thinking they’re visiting banks’ websites.
Punycode is what enables internationalized domain names (IDNs). While it’s great for making it easier for people who use non-Latin scripts to access the internet, it also makes it easier for crooks to trick people.
The group calling itself the Disneyland Team (obviously not associated with Disney) is using domains like ạmeriprisẹ[.]com to dupe victims. As Brian Krebs notes:
Look carefully, and you’ll notice small dots beneath the “a” and the second “e”. You could be forgiven if you mistook one or both of those dots for a spec of dust on your computer screen or mobile device.
Disneyland Team is using Punycode domains to impersonate Chase, KeyBank, Schwab, TDBank and others.
Most modern browsers convert these domains into the format xn-.