Homograph Phishing Attack:

A Chinese security researcher has demonstrated a new phishing attack that’s impossible to detect in modern web browsers like Google Chrome, Mozilla Firefox, and Opera. The attack uses Unicode characters in domain names that look just like common ASCII characters. For example, “xn--pple-43d.com” is equivalent to “аpple.com”, where the first letter is a Cyrillic “а” rather than a Latin “a”.

It is also called an IDN (Internationalized Domain Name) homograph attack, and is also known as script spoofing. The attack is possible because Unicode incorporates numerous writing systems, and similar-looking characters such as Greek Ο, Latin O, and Cyrillic О were not assigned the same code.

For example, Cyrillic “а” (U+0430) and Latin “a” (U+0041) are displayed identically in many browsers.

This spoofing attack mainly exploits weaknesses in how servers and browsers handle URLs.

Punycode Attack:

Punycode is a special encoding supported by the Internationalized Domain Names system for converting Unicode characters to the ASCII character set. It is used by many web browsers for representing Unicode characters in the URL to prevent homograph phishing attacks.

When someone chooses a domain name in which every character comes from a single foreign-language character set, and the name resembles the targeted domain, browsers render it in that language instead of in Punycode format.

For example, a researcher registered the domain name xn--80ak6aa92e.com, which bypasses this protection and appears as apple.com in all browsers. Here, the prefix xn-- is known as the “ASCII compatible encoding” prefix. It indicates to the web browser that the domain uses Punycode encoding to represent Unicode characters.

Users are at risk of failing to detect the phishing attack, so disabling Punycode support in the web browser is recommended. This helps mitigate the attack temporarily and also helps identify phishing domains.
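The check a browser or mail filter can apply to the two encoded domains quoted above, as an added example that is not from the original article: it decodes the xn-- label, lists the scripts in it, and compares a look-alike-folded form with a watchlist. The `LOOKALIKES` table and the `protected` watchlist are constructed for illustration and are assumptions.

```python
import unicodedata

# Constructed subset of Cyrillic-to-Latin look-alikes (assumption); a real
# deployment would load Unicode's full confusables data instead.
LOOKALIKES = {"\u0430": "a", "\u0440": "p", "\u04cf": "l", "\u0435": "e",
              "\u043e": "o", "\u0441": "c"}

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding the xn-- form."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Scripts in text, read from the first word of each character's name."""
    found = set()
    for ch in text:
        if ch.isdigit() or ch == "-":
            continue  # digits and the hyphen are shared by every script
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def skeleton(text):
    """Fold known look-alikes to the Latin letters they imitate."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in text)

def inspect(domain, protected=("apple",)):
    """Classify the first label of domain against a hypothetical watchlist."""
    raw = domain.split(".")[0]
    try:
        shown = decode_label(raw)
    except UnicodeError:
        return {"label": raw, "verdict": "invalid-punycode", "spoof": False}
    used = scripts(shown)
    if used <= {"LATIN"}:
        verdict = "latin-only"
    elif len(used) > 1:
        verdict = "mixed-script"      # e.g. one Cyrillic letter among Latin ones
    else:
        verdict = "single-script"     # the case browsers render in Unicode
    spoof = shown not in protected and skeleton(shown) in protected
    return {"label": raw, "unicode": shown, "scripts": sorted(used),
            "verdict": verdict, "spoof": spoof}

if __name__ == "__main__":
    # The two encoded domains are the ones quoted on this page.
    for name in ("apple.com", "xn--pple-43d.com", "xn--80ak6aa92e.com"):
        print(inspect(name))
```

A mixed-script check alone flags xn--pple-43d.com but not xn--80ak6aa92e.com, which is why the folded comparison against known names is needed for the all-Cyrillic case.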

Preventing Homograph Phishing Attacks:

Firefox:

Firefox users can follow these steps to protect themselves from such homograph phishing attacks:

  • Type about:config in the address bar and press Enter.
  • Type Punycode in the search bar.
  • The browser settings will show a parameter titled network.IDN_show_punycode. Double-click it, or right-click and select Toggle, to change the value from false to true.
