A scammer is mass messaging our users using this form of messages
π ππ π§ππ£πͺ πππ₯ππ£ππ€π₯ππ. (πππ ) - π₯ππ©π₯ ππ ππ π¨. π π¨πππ₯ π₯π π‘πππ π¦π‘ πΈππΈβ. βππππ ππ€ π₯πππ€ π€π₯πππ ππ§πππππππ, ππ π½ππ£π€π₯ π π¨πππ₯ π₯π π¦π€π π π πππππ₯ ππ ππ ππ£π π πΎπ π πππ ππ πππ π₯π ππππ π€π¦π£π ππ πͺπ π¦ πππ π₯ππ π‘π π€π₯ ππ£π π£πππ
My questions:
Why does the message text look like that? Is that a font?
How does this kind of text bypass the manual RegEx text scanning? We do scan every message to catch any suspicious message.
The characters they used, πΈ (Mathematical Double Struck A (U+1D538)) - π« (Mathematical Double Struck z (U+1D56B)) are part of the Unicode characters, not a separate font.
If you did not think about special Unicode characters when writing your regular expressions then they will not catch those because a simple /\w/ will not match any of those unless you also specify to explicitly match Unicode (often with the flag /u at the end of the expression).
Similarly /A/ will not match "πΈ" simply because they are different characters and that pattern only matches that specific character.
In order to not have to think about every possible way to represent a similar looking character, you can normalize your Unicode before running your regular expressions on them. That way, a consistent representation is guaranteed and you'll have a much easier time to write expressions that match a much wider range of texts.