Internationalized Domain Names and Homograph Attacks
With regular rumbling, a scammer attempts to obtain personal information by sending fake emails masking an individual as a legitimate website. While some fall into disappointment, many know better, because the email domain name isn't the domain name they normally use to visit any site. But what if a domain name looks exactly like an official website?
This can trick someone to disclose all their personal data with a more 'professional' email. And they eventually become victims of identity theft when this happens. But how can a scammer get an official domain name? This is due to the terrible practice of the homograph assault.
What is an assault by homographs? An attack via homographs is when a person creates an internationalized domain name (also called an IDN) that looks like a traditional domain name linked with the famous website. You can do this because of the way internationalized domain names function. In essence, internationalized domain systems employ a coding system that is distinct from the ASCII based domain names used by Americans.
However, several languages contain characters that appear close to American English characters, despite with a distinct coding scheme. This is used by scammers who take the letters and create domain names that seem 'new' for browsers and servers, at least as regards code. In the human eye, such fake domain names seem to be taken already, which is precisely what a fraudster wants. They create more confusion by establishing sites that appear lot like the sites associated with the original domain name spooofed by fraudsters.
Homographic assaults were represented by mimicking English characters before and even after internationalized domain names became widespread. The visual similarities between 'O' and '0' or 'I' and 'l' were exploited by scammers. E.g. 'G00Gle.com' or 'PayPaI.com.' If someone doesn't pay attention, they may still be victims, although these kinds of domain names at least are rare. The above-mentioned web pages can seem the same way with internationalized domain name assaults that even the most diligent internet user can be fooled.
So how is a person unable to become a victim of an internationalized homographic domain name attack? First, you should never click on any domain name provided by an email. Instead, you should manually input the domain name in your browser. In cases where a third-level domain is used that might be more difficult to remember, internet users have to copy and paste the domain name into Notepad. This application helps them to determine which character set and code for the domain name is used. If it's not ASCII and English, someone should be tired.
To conclude, internationalized domain name homograph attacks may cause Internet users a lot of grief. Internet users should feel comfortable, however, in that while they need to be aware of the presence of the homograph assault, the conventional, much simpler to notice spot approach tends to be more prevalent. This is because someone must be creative and fortunate to land an internationalized domain name similar to a domain name currently in use. For fraudsters it is much easier to attempt to deceive individuals with email links.
Comments