We all have received numerous emails, facebook messages or WhatsApp forwards saying that Adidas is giving away free shoes by taking you to a link that looks almost too real to suspect anything. Well if you have been subjected to an attack like this you are not alone. You are a victim of The Homograph Attack. This scam is assisted by Internationalized Domain Name (IDN) which was approved by ICANN in 2010.
What IDN did was to allow international letters to become valid domain names. Before 2010 domain names could only contain English alphabets. But since Oct 2010, many other foreign scripts/letters were allowed to be part of domain names. This was brilliant for users and companies in non-english speaking countries. But it also gave a new avenue for phishing attacks.
What is a Phishing attack?
It is a kind of attack where users are taken to websites that look real but are actually created to steal username/passwords from users. Earlier if the user was a little careful, he/she could have prevented himself/herself from falling prey to phishing attack by looking at the domain names because www.paypal.fakesite.com is not www.paypal.com
But with IDN, www.рayрal.com (the fake one) looks similar to www.paypal.com (the real one). That is because the р used in the fake one is not the English alphabet p, but it is a Russian Cyrillic script. You can check that by copying the above 2 domains and pasting them in the following website which can convert them to Punycode (encoding Unicode to ASCII): https://www.punycoder.com
This type of attack is known as Homograph attack.
What is a Homograph attack?
As discussed above, it is a type of attack where legitimate looking domain names by replacing some letters with international scripts are created by attackers to steal information from gullible users.
How do we prevent ourselves from this type of attack?
Firstly check if the website has SSL certificates. This can be done by looking at the secure lock in the address bar. Secondly, most modern browsers are getting updated to prevent Homograph Attack by detecting Punycode and show the decoded versions. But there is a flaw, at least as of this writing. If all the letters are from the same language/script, then Chrome/Firefox does not seem to flag them. The best way to protect is by using extensions. There are a few extensions that you can install on Chrome and Firefox that can protect you from such attacks. Search the respective marketplace for ‘Punycode’
NetworKing Inc. uses cookies. By continuing to use this website, you are giving consent to cookies being used. Please click on ACCEPT to close this notice.AcceptRead More
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
AS always you are fabulous on explaining everything,…Thank you
Very informative :).
well delivered..thank you.
Thanks
thanks, network king…very helpful tips
very informative. Thank you