Cybercriminals will go to great lengths to divert Internet users to malicious websites. The latest cybersquatting trend is nearly impossible for untrained eyes to recognize. Over half of the Internet is .com websites, but there’s a whole other side made up of new domains, country code domains, and internationalized domain registrations. Unaware that all of these different options exist, many users are an easy target for this new form of domain spoofing called a homograph attack.

Attackers are registering international domain names for their domain spoofing efforts. International domain names (IDNs) are made up of characters in foreign alphabets and are commonly used outside of the United States in places like the Middle East and China. Domain spoofing attacks capitalize on impersonating the URL of well-known brands. Homograph attacks in particular use IDN domains to do so, by replacing common Latin characters with foreign scripts that share an uncanny resemblance and are commonly undetected by the average user. Cyrillic is the most commonly used alphabet for domain spoofing with the characters “a, c, e, o, p, x and y” looking almost identical to their Latin counterparts.

Xudong Zheng exposed the vulnerability. You can see the example he created of a homograph attack on Apple. The website address below replaces the “a” with the Cyrillic “a”. Can you tell the difference?

Domain Spoofing Apple.com

Virtually undetectable to the human eye 

Domain Spoofing Apple.com IDN

Credit: Xudong Zheng

Although it is an obscure form of phishing, homograph attacks are something to be aware of. These tips will help you protect yourself online.

 

1. Be Proactive with Defensive Registrations

We normally suggest defensive registration as a domain strategy to protect your brand and your customers. It is more likely a large corporate brand will be the target of a domain spoofing campaign. As a solution, we are expanding our domain blocking portfolios to include these odd cases of script spoofing. There are procedures in place that help brands recover abusive domain names but if you are not proactive, it only takes a single phishing attack to betray your customer’s trust and tarnish your brand reputation.

Take a look at the table to the right which highlights a small sample of IDN permutations for Amazon. 

2. Be Aware of the Latest Cybersquatting Trends

Be aware and beware of the types of phishing tactics that exist online so you can avoid having your personal information and brand image compromised.

Cybersquatting

Registering a domain name that infringes on an existing trademark for personal gain or dilution an established brand’s image.

Typosquatting

The domain name includes a common typo of an established brand and benefits from misdirected traffic from the misspelled URL. Typosquatting is a form of cybersquatting in which the domain is registered in bad faith. The domain capitalizes on misdirected traffic from the misspelled URL of another company. For example: fasebook.com

Combosquatting

Combosquatting is the practice of registering domain names that combine a popular trademark with a string of words or phrases. For example: bankofamerica-login-update.com

Homograph attacks

Replace characters in a URL with foreign alphabetical characters to mimic that of another brand’s website address.

3. Be Safe and Take Additional Steps

This particular domain spoofing trend relies on tricking Internet users into thinking they are visiting a website they know and trust. In order to avoid this never copy and paste or click on links in emails. Instead, you should always type the website address in a new browser to be sure you are going to the correct destination. Trust your instinct. If something seems off, it probably is. It always benefits to err on the side of caution rather than become a target for malware, homograph attacks, and phishing scams.