Scammers take adantage of alphabet similarities.
Could you tell the difference between ‘www.amazon.co.uk’ and ‘www.аmаzоn.co.uk’? Or ‘www.hsbc.co.uk’ and ‘www.hѕbс.co.uk’? If not, you could end up being a victim of cyber crime, thanks to a simple scam that involves swapping characters in web addresses with ones that look similar or even identical. Known as IDN homograph attacks, they’re on the rise, and they’re a very real threat to users and businesses.
In a report by security firm Farsight Security, internationalised domain names (IDNs) were shown to be a popular way for fraudsters to trick users into visiting bogus websites – usually via phishing emails. IDNs exist so people can have web addresses (URLs) that are written in alphabets other than the Latin alphabet used for English. That includes Chinese, Greek, Russian and so on.
The problem is that many characters in these foreign alphabets closely resemble letters in the Latin alphabet. By swapping them out, criminals can create fake URLs that look identical to the real thing, leading victims to websites the scammers control.
In our opening examples, we swapped the letters ‘a’ and ‘o’ in the Amazon address and the letters ‘s’ and ‘c’ with characters from the Cyrillic alphabet. In this website's font, they look similar, but in other fonts they may be visually identical, and the fake URLs could easily lead to a phishing site, where users would think they were logging into their account but where their details were just being stolen.
In Farsight’s ‘Global Internationalized Domain Name Homograph Report’, it’s revealed that there are thousands of look-alike characters that criminals can use in these attacks. So easy is it to carry out this kind of scam, of the 100 million or so IDNs that Farsight analysed, nearly a third of them were said to be fraudulent.
Can You Avoid A Homograph Attack?
What’s particularly worry about this kind of attack is that traditional methods of dealing with it are largely ineffective. Many cyber security solutions are unable to deal with it, and people are unable to tell the difference between visually identical characters. Normally, one of the best ways of identifying phishing emails is if they come from an address that’s clearly wrong or if links in the email go somewhere that doesn’t match up with what you expect. But homograph attacks sidestep that advice, and that’s what makes them so dangerous.
There are, however, still warning signs that you can be on the lookout for, such as emails that have an urgent call to action – for example, telling you to update your account details. You can also keep an eye out for spelling and grammatical errors, as well as other telltale indicators.
Another way to combat homograph attacks is to log into sites directly, rather than following links in emails. So if you get an email asking you to log into your online bank account, for instance, don’t click any links; just open your web browser, type in the bank’s URL and log in directly.
How Cyber Aware Are You?
Training your people to identify phishing attacks is one of the best ways to stay safe. For a low monthly price, our Security Awareness Training & Phishing Simulations service can show you just where you need to improve.