Attackers are registering international domain names for their domain spoofing efforts. International domain names (IDNs) are made up of characters in foreign alphabets and are commonly used outside of the United States in places like the Middle East and China. Domain spoofing attacks capitalize on impersonating the URL of well-known brands. Homograph attacks in particular use IDN domains to do so, by replacing common Latin characters with foreign scripts that share an uncanny resemblance and are commonly undetected by the average user. Cyrillic is the most commonly used alphabet for domain spoofing with the characters “a, c, e, o, p, x and y” looking almost identical to their Latin counterparts.
Xudong Zheng exposed the vulnerability. You can see the example he created of a homograph attack on Apple. The website address below replaces the “a” with the Cyrillic “a”. Can you tell the difference?
Virtually undetectable to the human eye
1. Be Proactive with Defensive Registrations
We normally suggest defensive registration as a domain strategy to protect your brand and your customers. A large corporate brand is the most likely target of a domain spoofing campaign. As a solution, we are expanding our domain blocking portfolios to include these odd cases of script spoofing. There are procedures in place that help brands recover abusive domain names, but if you are not proactive, it only takes a single phishing attack to betray your customers' trust and tarnish your brand reputation.
Take a look at the table to the right which highlights a small sample of IDN permutations for Amazon.
2. Be Aware of the Latest Cybersquatting Trends
Be aware and beware of the types of phishing tactics that exist online so you can avoid having your personal information and brand image compromised.
Cybersquatting: Registering a domain name that infringes on an existing trademark for personal gain or to dilute an established brand's image.
Typosquatting: A form of cybersquatting in which the domain name contains a common misspelling of an established brand and is registered in bad faith to capture traffic from users who mistype the other company's URL. For example: fasebook.com
Combosquatting: Registering domain names that combine a popular trademark with a string of words or phrases. For example: bankofamerica-login-update.com
Homograph attacks: Replacing characters in a URL with look-alike characters from a foreign alphabet to mimic another brand's website address.
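As an added example (not code from the original post), here is a small Python checker that applies the point made about homograph attacks above: it decodes a punycode label, maps the Cyrillic look-alikes to the Latin letters they imitate, and flags any label that mixes scripts or collapses onto a protected brand name. The confusables table and the brand list are our own constructed inputs, not the full Unicode confusables data.

```python
import unicodedata

# Cyrillic letters that are near-identical to Latin ones (the a, c, e, o, p, x, y
# mentioned above) plus a few more well-known look-alikes. Constructed table, not
# the complete Unicode confusables list.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y",
    "\u0456": "i", "\u0458": "j", "\u0455": "s", "\u04bb": "h",
}


def decode_label(label):
    """Return the Unicode form of one DNS label; xn-- labels are punycode-decoded."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def skeleton(label):
    """Replace each confusable character with the Latin letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def scripts_of(label):
    """Unicode scripts used by the letters of a label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def analyze(domain, brands):
    """Flag a domain whose label mixes scripts or looks like a protected brand name."""
    labels = [decode_label(l) for l in domain.lower().rstrip(".").split(".")]
    mixed = [l for l in labels if len(scripts_of(l)) > 1]
    # A label is an impersonation when its skeleton is a brand but the label itself is not.
    impersonates = sorted({skeleton(l) for l in labels if skeleton(l) in brands and skeleton(l) != l})
    return {
        "unicode": ".".join(labels),
        "skeleton": ".".join(skeleton(l) for l in labels),
        "mixed_script_labels": mixed,
        "impersonates": impersonates,
        "suspicious": bool(mixed or impersonates),
    }


if __name__ == "__main__":
    brands = ["apple", "amazon"]  # constructed brand list
    # "xn--pple-43d.com" is "apple.com" with a Cyrillic first letter; the last domain
    # is a constructed all-Cyrillic name that is legitimate and must not be flagged.
    for d in ("apple.com", "xn--pple-43d.com", "\u043f\u0440\u0438\u043c\u0435\u0440.\u0440\u0444"):
        print(d, analyze(d, brands))
```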
3. Be Safe and Take Additional Steps
This particular domain spoofing trend relies on tricking Internet users into thinking they are visiting a website they know and trust. To avoid this, never copy and paste or click on links in emails. Instead, always type the website address into a new browser window to be sure you reach the correct destination. Trust your instincts: if something seems off, it probably is. It always pays to err on the side of caution rather than become a target for malware, homograph attacks, and phishing scams.