Homographic Domain Name Phishing Tactics



Homographic Domain Name Phishing TacticsBitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Affected applications include Outlook, Word, Excel, OneNote, and PowerPoint.

“Homograph (also known as homoglyph) phishing attacks are based on the idea of using similar characters to pretend to be another site,” the researchers write. “While most of them are easily recognizable by end-users with proper training (for example, g00gle.com), the homograph attacks based on international domain names (IDN) can be unrecognizable from the domains they are spoofing.”

This technique shows that users can’t rely solely on checking the URL to ensure that they’re not visiting a phishing page.

“Even if a browser decides to display the real name after opening the link, the email client uses the display name in the preview pane,” the researchers write. “Users, who are trained to validate a link in an email client before they click it, will be susceptible to click on it because it has not yet been translated to a real domain name in their browser. The real domain name would only be seen after the page has started to open. The website that opens even has a valid security certificate and is fully controlled by a threat actor.”

The researchers note that this technique probably won’t become as commonplace as other phishing tactics, but it’s still worth watching out for.

“The good news is that homograph attacks most likely are not going to become mainstream – they are not easy to set up or maintain,” Bitdefender says. “However, they are a dangerous and effective tool used for targeted campaigns by APTs (or advanced persistent threats) and high-level adversaries such as Big Game Hunting by Ransomware-as-a-Service groups– whether targeting specific high-value companies (whale phishing) or high-value themes (for example popular cryptocurrency exchanges).”

TechRadar also reported on this attack, adding that homograph attacks abuse the internationalization of the web. "In the early days of the internet, all domain names used the Latin alphabet, which has 26 characters. Since then, the internet grew to include more characters, including, for example, the Cyrillic alphabet (used in Eastern Europe, and Russia). That gave threat actors a wide playground, as by combining different characters, they can create phishing sites whose URL looks identical to the legitimate site."

New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to recognize social engineering attacks.


Discover dangerous look-alike domains that could be used against you! 

Since look-alike domains are a dangerous vector for phishing attacks, it's top priority that you monitor for potentially harmful domains that can spoof your domain.

Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting, risk indicators, and end-user assessment with training so you can take action now.

DomainDoppelgangerResults-1Here's how it's done:

  • Get detailed results of look-alike domains found similar to your primary email domain
  • You can now quiz your users with your look-alike results
  • Get a summary PDF that contains an overview of the look-alike domains and associated risk levels discovered during the analysis
  • It only takes a few minutes to discover your “evil domain twins”!

Find Your Look-Alike Domains!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/domain-doppelganger



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews