A Quick Guide to the IDN Homograph Attack

The IDN (Internationalized Domain Name) homograph attack, also known by the names “homoglyph” and “script spoofing,” is a method in which an attacker deceives victims by making them believe that the site they are visiting is a genuine one.

Attackers exploit this by registering domains whose names contain characters that closely resemble the real ones: for example, using a zero instead of an O. Because of these lookalike characters, a victim tends to believe they are visiting the real site and ends up giving the fake site their credit card details, login credentials, and so on.

In a nutshell, attackers are able to register lookalike domain names by exploiting the similar appearance of certain characters in English, Chinese, Latin and Greek or other scripts.

A browser and a user see a character differently: the browser processes a code point, while the user only sees its rendered shape. Because computers support characters from many scripts, it is very easy to confuse a user.

One example of such attacks is where Cyrillic characters are used. Cyrillic, whose characters resemble certain letters of the Latin alphabet (for example, the Cyrillic letter that makes the V sound looks just like a Latin B), can easily be used to spoof domain names.

We can use many online tools to generate such lookalike domains. Most of them create homoglyphs by using lookalike Unicode characters.


First, visit this URL: infosecinstitute.com. You will probably be redirected to this site’s homepage.

Now visit this URL: infοѕecinstitute.com. You will be redirected to http://xn--nfsecnstitute-fpj5fx045a.com/

Surprised? That’s exactly what attackers do. They simply register a new domain and then make you believe that you are on the real site. The spoof site may then get passwords and other personal details.
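One way a defender can catch the lookalike above before a user clicks it, as an added example that is not part of the original post: convert the hostname to the punycode form the browser actually resolves, and flag any label that mixes Unicode scripts. The sample hostnames are constructed here; the second uses a Greek omicron and a Cyrillic dze in place of Latin letters.

```python
import unicodedata

# Constructed sample inputs: the second mimics the first with a Greek omicron
# (U+03BF) in place of Latin "o" and a Cyrillic dze (U+0455) in place of "s".
SAMPLE_HOSTS = ["infosecinstitute.com", "inf\u03bf\u0455ecinstitute.com"]


def scripts_in_label(label):
    """Return the set of scripts used by the letters of one domain label.

    The script is approximated from the first word of the Unicode character
    name, e.g. "CYRILLIC SMALL LETTER DZE" -> "CYRILLIC".
    """
    scripts = set()
    for ch in label:
        if not ch.isalpha():  # digits and hyphens carry no script
            continue
        name = unicodedata.name(ch, "")
        scripts.add(name.split(" ")[0] if name else "UNKNOWN")
    return scripts


def to_punycode(host):
    """Encode a hostname to its ASCII (xn--) form, as browsers do before DNS lookup."""
    return host.encode("idna").decode("ascii")


def analyze_host(host):
    """Report the punycode form of a hostname and any label that mixes scripts."""
    host = unicodedata.normalize("NFC", host)  # fold composed/decomposed variants
    ascii_form = to_punycode(host)
    mixed = [lbl for lbl in host.split(".") if len(scripts_in_label(lbl)) > 1]
    return {
        "host": host,
        "punycode": ascii_form,
        "is_idn": ascii_form != host.lower(),
        "mixed_script_labels": mixed,
        "suspicious": bool(mixed),
    }


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(analyze_host(h))
```

A label written entirely in one non-Latin script (for example all Cyrillic) is not mixed and will not be flagged by this check; catching that case needs a confusables table such as the one Unicode publishes.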

Most of the defenses against homograph attacks include the display (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Ronnie Baby. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/aGiY1oCQUIU/