Have you ever clicked on a link that you thought was safe, only to discover that it was not? That’s the frightening part of a new trick called BiDi Swap. I read about this on BleepingComputer, and I’m amazed at how clever and deceiving it is.
What is BiDi Swap?
BiDi Swap is a crafty hacker trick that manipulates the way text is displayed in a web address (URL).
Normally, we read left to right in English, but languages such as Arabic or Hebrew are read from right to left. Computers are smart enough to display both correctly, but hackers use this very ability against us.
Here is how they do it in simple steps:
• They add special invisible control characters to the URL that change the direction in which the text is displayed.
• The fake link then displays as your trusted site (example.com), but takes you somewhere else.
• Looking at the link, you think it’s safe, and that’s how they trick you.
Why Is This Deceptive Practice Dangerous?
Have you ever wondered how so many people have fallen for fake links? Well, it's because we trust what we see.
This trick works so well because:
• The link looks "normal" to the human eye.
• Security tools may not recognize the text flip.
• It has been around for a long time but is coming back with new variations.
So no matter how careful you are, it's easy to be tricked.
How Does It Work?
Let's keep it very simple.
1. A hacker generates a fake link using special right-to-left characters.
2. The link text is flipped, so what shows up on screen looks normal.
3. When you click on it, you land on a fake website set up to steal your information.
For instance:
https://trusted.com.ו.קום/login
The tiny “ו.קום” (from Hebrew) hides the actual domain.
Who Can Be Tricked and What is Being Done
Essentially, anyone could be deceived, even people who work in tech.
The browsers, Chrome, Firefox, and Edge, are aware of the issue, but it’s impossible for them to detect every fraudulent link, even when that link is malicious.
This tactic raises specific concerns for people who use multiple languages online, or people who work in global companies.
How to Stay Safe
Here are some ways to look out for yourself (I use these tips myself):
• Always pay attention to the real link before clicking on anything.
• Hover your mouse over links to see where they really lead.
• Avoid links with mixed text: if you see weird symbols or extra dots, stay away.
• Whenever possible, type the URL yourself, especially for sites like your bank or email.
• If you manage systems, you can also filter out control characters in links and train your users about this trick.
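As an added example (my own code, not from the post or from BleepingComputer), here is a small Python check that a mail or proxy filter could run to flag links containing Unicode bidi control characters or a hostname that mixes left-to-right and right-to-left letters; the sample URLs are constructed.

```python
from __future__ import annotations
import unicodedata
from urllib.parse import urlsplit

# Bidi classes of the explicit directional formatting characters
# (embeddings, overrides, isolates and their terminators), which is what
# unicodedata.bidirectional() returns for U+202A..U+202E and U+2066..U+2069.
BIDI_FORMAT_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}
# Invisible direction marks share the class of ordinary letters, so list them by code point.
BIDI_MARKS = {"\u200e", "\u200f", "\u061c"}  # LRM, RLM, ALM

def find_bidi_controls(url: str) -> list[tuple[int, str]]:
    """Return (offset, character name) for every bidi control or mark in the URL."""
    hits = []
    for i, ch in enumerate(url):
        if ch in BIDI_MARKS or unicodedata.bidirectional(ch) in BIDI_FORMAT_CLASSES:
            hits.append((i, unicodedata.name(ch, f"U+{ord(ch):04X}")))
    return hits

def is_mixed_direction_host(url: str) -> bool:
    """True if the hostname mixes left-to-right letters with right-to-left letters."""
    host = urlsplit(url).hostname or ""
    classes = {unicodedata.bidirectional(ch) for ch in host}
    return "L" in classes and bool(classes & {"R", "AL"})

def assess(url: str) -> str:
    """Classify a URL as 'clean', 'mixed-direction' or 'bidi-control'."""
    if find_bidi_controls(url):
        return "bidi-control"
    if is_mixed_direction_host(url):
        return "mixed-direction"
    return "clean"

# Constructed samples: a plain link, the mixed-script example from the post,
# and a link carrying a right-to-left override (U+202E) inside the host.
SAMPLES = [
    "https://trusted.com/login",
    "https://trusted.com.ו.קום/login",
    "https://trusted.com\u202emoc.elpmaxe/login",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{assess(u):16} {find_bidi_controls(u)} {u!r}")
```

A hit from either check is a reason to reject or quarantine the link rather than to render it, since the whole trick relies on what the human eye sees.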
Conclusion
BiDi Swap may sound techy, but it is basically just a smart way to disguise a fake URL to make it look real. I almost clicked on one once — the site looked exactly like my bank website — only a tiny symbol gave it away!
So, the next time a link looks a little “off,” trust your gut. Always verify before clicking! One second of caution could save you from a very big mess later on.