With regular spoofing, attackers attempt to obtain individual data through sending fake emails which appear to be from an authentic site person may be using. Although a few fall victim to this trick, a lot know better because the link provided in the email does not appear to be the domain name they utilize typically to get to the website. Nevertheless, if a domain name appears to be precisely the same as an authentic site, what happens?
This, mixed with a more “pro-looking” email, may trick someone into giving away every bit of their individual data. When this occurs, the person will be an identity theft victim eventually. Yet, how may a scammer get a domain name which appears to be authentic? Homorgraph attacks, sadly, allow the hacker to do so.
What is the definition of a homograph attack? It is when an individual creates a internationalized domain name (IDNs), appear to be a conventional domain name related to a popular website. They can do this due the the manner in which internationalized domain names function. Basically, IDN systems utilize another kind of coding system than ASCII-based domain names that U.S. citizens are accustomed to.
But, even with a different coding system, some languages have characters that look similar to characters used in American English. Attackers take advantage of this by using these letters/characters to make domain names that appear to be ‘new’ to browsers and servers, at least win respect to coding. To the naked eye, these fraudulent domain names seem to be taken. This is exactly what the hacker hopes to accomplish. And, they take it a step further by setting up sites that look a whole lot like the sites that are associated with the original domain name – the one that is being spoofed by the scammer.
Prior to and even post the popularity of IDN’s, homographic attacks were used by spoofing mere English characters. Hackers took advantage of the visual similarities between 0 and O and l and I. Some of these instances are PaypaI.com or G00Gle.com. If an individual doesn’t pay attention, they might still become a victim, yet at least these kinds of domain names continue to appear to be strange. With IDN homographic attacks, the former sites may appear just like they’re meant to, even deceiving one of the most vigilant users.
So, how can a person prevent from becoming a victim of an internationalized domain name homograph attack? First, they should never click on any domain name that is given through an email. Instead, they should enter the domain name by hand into their browser. In situations where one is working with a third-level domain that could be harder to remember, users need to copy and paste the domain name into Notepad for filtering. This program will help them determine what character set and coding is being used for the domain name. If it’s not English and ASCII, a person should be weary.
All in all, IDN name homograph attacks may result in much stress for users of the web. Nevertheless, those using the web should gain comfort in knowing that whilst they must realize that homograph attacks exist, the conventional spoofing technique that is a lot easier to see is usually more common. The reason for this is that an individual has to be fortunate and intelligent to get an IDN which appears to be a lot similar to a domain name which is already utilized. It’s a lot more simple for scammers to attempt to trick people using links in emails.
Loading ...
