39.8 F
Washington D.C.
Friday, March 31, 2023

Internationalized Domain Names Create Phishing Risks: Here’s a Solution

When ICANN began to allow registration of internationalized domain names—that is, domain names that use non-ASCII characters—they unwittingly opened a new method for phishing campaigns to succeed. Visual similarities between characters in different scripts, called homoglyphs, can be used to create domain names with visually indiscernible differences that can be used to easily fool users into believing that one domain is actually another.

Without using links, consider the differences between ТесhRерubliс and TechRepublic. One is written normally, with ASCII characters. The other substitutes the Latin-based ASCII characters characters with Cyrillic characters for T, e, c, and p. (The answer to which is written at the bottom of this article.) Russian lends itself well to homoglyph attacks, as the lowercase a, o, x, and y can be rendered identically, as а, о, х, and у, with other possibilities extant in non-Russian Cyrillic characters. Other, less precise homoglyphs are possible as well. For example, the letter i is visually similar to і (Cyrillic) and ì (Latin, with grave).

This is, to some extent, a problem in other languages as well. Consider that Japanese has three writing systems—Hiragana, Katakana, and Kanji. For the company name Mitsubishi, it would normally be written as 三菱 (three diamonds). For Japanese, the kanji for three (三) looks similar to the katakana for mi (ミ), which can lead to confusion. As would be expected, it is possible to mix and match these writing systems when registering domain names. For Traditional and Simplified Chinese, many characters are homoglyphs of each other as well.

Read more from TechRepublic

Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles