Beware IDN homograph attacks: your brand reputation is at risk
Phishing scams are among the Internet's most insidious threats. One click is all it takes to get duped out of money or have passwords stolen. Now, new evidence shows phishing is on the rise with the growing availability of internationalised domain names. Take action! Prevent your brand from being used in an IDN homograph attack.
IDN homographs: can you spot the difference?
Phishing is a hacking technique that uses email and phoney websites to tricks users into sharing their personal information, downloading malware, or both. And the quantity, scope, and sophistication of these attacks is growing. Most recently, generic top-level domains helped fraudsters scam World Cup fans, Apple customers were tricked into updating their profiles to comply with the GDPR, and Facebook and Twitter admitted that countless numbers of fake accounts have been used for social media phishing.
Now, reports indicate that internationalised domain names (IDNs) are increasingly being used to create phoney lookalike domains for phishing purposes. IDNs allow users to register domain names in non-Latin Unicode characters – Cyrillic letters, accents - a growing necessity on today’s multilingual Internet. But non-Latin script also makes it easier for cybercriminals to register domain names for phishing websites that look authentic. Characters in both scripts – Latin and Cyrillic – often look the same and, if you’re not paying attention, you could be easily fooled.
See for yourself. Take a look at this: https://www.аpple.com. Looks like a normal URL that will take you to Apple’s website, right? But when you click on it, you see that it’s an imposter site.
What’s happening here is that the letter “a” in "Apple" is the Cyrillic “a”, not the Latin script “a”. The error message above is showing you a specific Unicode formula called Punycode. While Unicode is the standard for digital representation of all the world’s languages, Punycode converts non-Latin script characters into code which uses the prefix "xn--" and is readable by DNS. This error message is showing you that you've been redirected to a lookalike site.
But, even better, browsers are increasingly providing users explicit warnings like this:
Fake domains hard to detect - eyes open!
That “a” is just one of many characters that have come to be known as “confusables".
Confusables are virtually undetectable to users, email clients, or web browsers. Below is a good example. (For more examples, see this list.)
Scammers rely on these small language script changes to deceive you. All a hacker needs to do is swap out a "I" and replace it with "1" and, before you know it, you're on your way to an imposter site that's been set up to collect whatever personal information it can from you. Commonly known as an IDN homograph attack, this kind of domain name spoofing has many experts concerned.
ICANN prohibits registrars from registering IDNs with mixed character scripts, a precautionary measure intended to limit the potential of homograph attacks from occurring. But a new report from San Mateo-based Farsight Security highlights hundred of mixed character sets which could indicate that not all registrars are following the rules.
According to the report, those most as risk include banking and related sectors as well as mobile device users. A smaller screen size means users have a harder time spotting the telltale confusables used in phoney domains.
Protect your brand from phishing abuse
The growing threat of phishing scams require businesses invest in stronger, more robust online brand protection options. If your domain name falls victim to a phishing attack, you could be facing damages which will be very difficult to fix:
- Damage to your brand reputation and loss of trust
- Less traffic to your website
- Financial loss
Don’t allow your brand to be compromised by bad guys. Be proactive.
- Familiarise yourself – and register your trademark - with ICANN’s Trademark Clearinghouse (TMCH). If a third party tries to register a domain name that matches your TMCH trademark, they will receive a warning that they could be in breach of trademark laws. If they ignore this warning, you will be notified so that you can take appropriate legal action. You'll find more detailed information here.
- If you have registered your trademark with the TMCH, you can purchase a DPML (Domains Protected Marks List) product which will block others from registering a domain name with your trademark. DPML Plus, for example, blocks exact matches as well as misspellings/contains.
IDN homograph phishing is a serious problem and we want to help. If you have a question or need help, let us know. Our Sales team is available to speak with you: +352 263 725 250 or firstname.lastname@example.org.