We all have received numerous emails, facebook messages or WhatsApp forwards saying that Adidas is giving away free shoes by taking you to a link that looks almost too real to suspect anything. Well if you have been subjected to an attack like this you are not alone. You are a victim of The Homograph Attack. This scam is assisted by Internationalized Domain Name (IDN) which was approved by ICANN in 2010.

What IDN did was to allow international letters to become valid domain names. Before 2010 domain names could only contain English alphabets. But since Oct 2010, many other foreign scripts/letters were allowed to be part of domain names. This was brilliant for users and companies in non-english speaking countries. But it also gave a new avenue for phishing attacks.

homograph attack
What is a Phishing attack?

It is a kind of attack where users are taken to websites that look real but are actually created to steal username/passwords from users. Earlier if the user was a little careful, he/she could have prevented himself/herself from falling prey to phishing attack by looking at the domain names because www.paypal.fakesite.com is not www.paypal.com

But with IDN, www.рayрal.com (the fake one) looks similar to www.paypal.com (the real one). That is because the р used in the fake one is not the English alphabet p, but it is a Russian Cyrillic script. You can check that by copying the above 2 domains and pasting them in the following website which can convert them to Punycode (encoding Unicode to ASCII): https://www.punycoder.com

This type of attack is known as Homograph attack.

What is a Homograph attack?

As discussed above, it is a type of attack where legitimate looking domain names by replacing some letters with international scripts are created by attackers to steal information from gullible users.

How do we prevent ourselves from this type of attack?

Firstly check if the website has SSL certificates. This can be done by looking at the secure lock in the address bar. Secondly, most modern browsers are getting updated to prevent Homograph Attack by detecting Punycode and show the decoded versions. But there is a flaw, at least as of this writing. If all the letters are from the same language/script, then Chrome/Firefox does not seem to flag them. The best way to protect is by using extensions. There are a few extensions that you can install on Chrome and Firefox that can protect you from such attacks. Search the respective marketplace for ‘Punycode’

Hope this helps. Stay safe.