Researchers have warned of a major phishing threat posed by domain names spoofed using Internationalized Domain Name (IDN) homographs.

Attackers can use IDN characters to mimic Latin script, and thus lure unsuspecting users into visiting phishing sites that are “pixel-perfect renditions of the brands they’re impersonating,” according to Farsight Security.

While the security issues around IDNs are well known, the firm conducted its own research into the area, revealing several real-world examples to underline the scale of the problem.

From 17 2017 to January 10 2018, the firm observed 125 top domains being impersonated by over 116,000 homographs.

“We observed IDN homographs mimicking 125 top ‘phish-worthy’ domains including large content providers, social networking giants, financial websites, luxury brands, exchanges, and other popular websites,” explained the vendor’s Mike Schiffman.

One example is a phishing site using IDN characters to spoof “Facebook.”

Other big-name brands affected included Adobe, Amazon, Bank of America, Cisco, Coinbase, Credit Suisse, eBay, Bittrex, Google, Microsoft, Netflix, New York Times, Twitter, Walmart, Yahoo, Wikipedia, YouTube and Yandex.

From an end-user perspective the best form of defense is to be suspicious of any unsolicited email, regardless of sender, especially ones featuring enticing statements or log-in links.

Enabling phishing filters, safe browsing and 2FA for log-ins will also help to combat the risk of phishing and account hijacking. Most current browsers refuse to render a domain that mixes scripts or fails their IDN display rules and instead show its punycode form, so a hostname beginning with "xn--" in the address bar is itself a warning sign.

“If you operate a popular website that allows users to interact with one another, log in, purchase and/or download things, chances are your brand (and therefore your users) will be on some target list for phishers and other internet criminals,” continued Schiffman.

“You will want to pay attention to the IDN space, and either try to register IDN domain names proactively that could be used to impersonate your brand, or subscribe to a service that allows you to monitor recent IDN homograph registration and use in an attempt to impersonate your brand.”
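As an added illustration of the monitoring Schiffman describes (this is not Farsight's tooling nor code from the article), here is a small Python checker of the kind a brand owner might run over a feed of new registrations. It decodes punycode labels to Unicode, flags labels that mix scripts, and folds a short list of Cyrillic and Greek look-alikes to their Latin counterparts so that all-Cyrillic homographs, which mixed-script checks alone do not catch, are still matched against the brand list. The brand list, the confusable table and the feed entries are constructed for this example; Unicode's confusables.txt is far larger than the table used here.

```python
import unicodedata
from typing import Dict, List, Optional

# Brands to protect (constructed for this example, drawn from names in the article).
BRANDS = {"facebook", "cisco", "google", "amazon"}

# Hand-picked subset of Unicode TR39 confusables: non-Latin letters that render
# like Latin ones. Illustrative only; a real deployment would load confusables.txt.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
}


def to_alabel(domain: str) -> str:
    """Encode a Unicode domain to its ASCII (xn--) form, as a registration feed would carry it."""
    return domain.encode("idna").decode("ascii")


def to_unicode(domain: str) -> str:
    """Decode an A-label domain (xn--...) to its Unicode form; non-ASCII input passes through."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def scripts_of(label: str) -> List[str]:
    """Scripts used by the letters of a label, taken from the first word of each
    character's Unicode name ('LATIN', 'CYRILLIC', 'GREEK', ...)."""
    scripts = set()
    for ch in label:
        if not ch.isalpha():
            continue  # digits and hyphens are script-neutral
        name = unicodedata.name(ch, "")
        if name:
            scripts.add(name.split()[0])
    return sorted(scripts)


def skeleton(label: str) -> str:
    """Crude TR39-style skeleton: NFKC-normalise, then fold confusables to Latin."""
    label = unicodedata.normalize("NFKC", label)
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def check_domain(domain: str, brands=BRANDS) -> Optional[Dict]:
    """Return a finding if the registrable label is a homograph of a brand or mixes
    scripts, else None. Assumes a single-label public suffix such as .com."""
    udomain = to_unicode(domain.lower())
    labels = udomain.split(".")
    if len(labels) < 2:
        return None
    sld = labels[-2]
    scripts = scripts_of(sld)
    folded = skeleton(sld)
    reasons = []
    if len(scripts) > 1:
        reasons.append("mixed scripts: " + ", ".join(scripts))
    if folded in brands and folded != sld:
        reasons.append(f"confusable with brand '{folded}'")
    if not reasons:
        return None
    return {"domain": domain, "unicode": udomain, "scripts": scripts,
            "skeleton": folded, "reasons": reasons}


def scan_feed(feed: List[str]) -> List[Dict]:
    """Run check_domain over a list of newly registered domains and keep the findings."""
    return [f for f in (check_domain(d) for d in feed) if f is not None]


# Constructed sample feed, encoded to the xn-- form a registration feed would deliver.
SAMPLE_FEED = [to_alabel(d) for d in (
    "facebook.com",                         # the genuine brand domain
    "f\u0430cebook.com",                    # Latin 'f' plus CYRILLIC SMALL LETTER A: mixed script
    "\u0441\u0456\u0455\u0441\u043e.com",   # 'cisco' spelled entirely in Cyrillic
    "m\u00fcnchen.de",                      # legitimate Latin-script IDN, no brand collision
)]

if __name__ == "__main__":
    for finding in scan_feed(SAMPLE_FEED):
        print(finding["domain"], "->", finding["unicode"], "|", "; ".join(finding["reasons"]))
```

The all-Cyrillic case is the one worth noting: it passes a mixed-script check, so a brand monitor needs the confusable folding step, not just a script count.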
