Report Details 100+ Domains at Risk from IDN-Related Spoofing

Report Details 100+ Domains at Risk from IDN-Related Spoofing

Researchers have warned of a major phishing threat posed by domain names spoofed using International Domain Name (IDN) homographs.

Attackers can use IDN characters to mimic Latin script, and thus lure unsuspecting users into visiting phishing sites that are “pixel-perfect renditions of the brands they’re impersonating,” according to Farsight Security.

While the security challenges around IDNs are well known, the firm conducted its own research into the area, revealing several real-world examples to underline the scale of the problem.

From October 17 2017 to January 10 2018 the firm observed 125 top domains being subverted by over 116,000 homographs.

“We observed IDN homographs mimicking 125 top ‘phish-worthy’ domains including large content providers, social networking giants, financial websites, luxury brands, cryptocurrency exchanges, and other popular websites,” explained the vendor’s Mike Schiffman.

One example is a phishing site using IDN characters to spoof the social network.

Other big name brands affected included Apple, Adobe, Amazon, Bank of America, Cisco, Coinbase, Credit Suisse, eBay, Bittrex, Google, Microsoft, Netflix, New York Times, Twitter, Walmart, Yahoo, Wikipedia, YouTube and Yandex.

From an end-user perspective the best form of defense is to be suspicious of any unsolicited email regardless of sender — especially ones featuring enticing statements or account log-in links.

Enabling phishing filters, safe browsing and 2FA for log-ins will also help to combat the risk of phishing and account hijacking.

“If you operate a popular website that allows users to interact with one another, log in, purchase and/or download things, chances are your brand (and therefore your users) will be on some target list for phishers and other internet criminals,” continued Schiffman.

“You will want to pay attention to the IDN space, and either try to register IDN domain names proactively that could be used to impersonate your brand, or subscribe to a service that allows you to monitor recent IDN homograph registration and use in an attempt to impersonate your brand.”

Source: Information Security Magazine