Beware of Internationalized Domain Name (IDN) Homograph Attacks

Hackers can use Unicode tricks to hide phishing URLs by replacing Latin characters with Cyrillic characters. This allows them to create visually similar domain names that can deceive users. 

If you look closely at the screenshot showing a web page opened in Firefox, the URL in the address bar shows "аpple.com" with a Cyrillic "а" (U+0430) instead of the ASCII "a" (U+0041) and there is also a padlock icon. A security researcher named Xudong Zheng created this proof-of-concept domain & an accompanying security certificate to illustrate an internationalized domain name (IDN) homograph attack


Although Chrome and Edge browsers may provide warnings about potential hacks involving homographic URLs, it is important to remain cautious of similar scams conducted through other methods. 

How to fix this issue? Look for options through browser settings or extensions to disable IDNs or display them using Punycode so that the browser will render the URLs in a way that reveals any potential homograph attacks, making it easier for users to recognize and avoid phishing scams.

Punycode is a representation of Unicode with the limited ASCII character subset used for Internet hostnames. Using Punycode, host names containing Unicode characters are transcoded to a subset of ASCII consisting of letters, digits, and hyphens, which is called the letter–digit–hyphen (LDH) subset. 

Comments

Popular posts from this blog

Maven Crash Course - Learn Power Query, Power Pivot & DAX in 15 Minutes

"Data Prep & Exploratory Data Analysis" course by Maven Analytics

Oracle Cloud Infrastructure 2024 Generative AI Professional Course & Certification Exam (1Z0-1127-24)