[deanhills]

You did good @arsalahmed786. No worries. Bottom line, it's alerted us to the potential of how easy phishing has become without even phishing. Scary in fact.

Thanks to @TrK for the tip about Firefox. However, I was unable to find IDN_show_punycode. Closest I got was network.IDN_show_punycode. I guess this is the one I should make true then?

When I search the about.config on punycode it also comes up with:
network.standard-url.punycode-host which is set to default "true".

Just want to make sure I did the right thing. I only changed the network.IDN_show_punycode to "true" - so both the above to do with punycode is true.

---

Follow up:  I changed it back after I read the Mozilla Firefox KB article about it:
http://kb.mozillazine.org/Network.IDN_show_punycode

Looks as though Mozilla Firefox has taken care of the problem in its "false" (default) toggle:

Even if this preference is false, only top-level domain that are whitelisted will be displayed in Unicode.

This makes me feel a little better.

Must say this warning in this thread really "spooked" me. Particularly when my Bank seems to be a target and even warning me in its literature. So I guess I should only use Mozilla Firefox when I do my banking?