URL Homograph (Unicode) Attacks

More than a decade ago ICANN (the Internet registration authority) allowed the registration of internationalized domain names, regionalized for various languages and alphabets, spelled using Unicode characters. Some of these Unicode characters are visually identical to standard Latin characters. This visual resemblance has opened the door for attackers to register domains that can fool users that don’t pay close attention to the URL string. The use of these visually identical characters for malicious purposes is called a “homograph attack.”

How can we protect ourselves from homograph attacks?

Browser tools have been created, such as Punycode Alert and the Quero Toolbar, to aid users in alerting them of potential homograph attacks. Users have the discretion of adopting them alongside the built-in security mechanisms in today’s browsers. However, no tool can replace vigilance when browsing online and a solid cybersecurity hygiene. This includes:

    • Regularly updating your browser (They may be your first line of defense against homograph attacks)
    • Confirming that the legitimate site you’re on has an EVC
    • Avoid clicking links from emails, chat messages, and other publicly available content, most especially social media sites, without ensuring that the visible link is indeed the true destination.

Remember: Eyes open.

Stay safe!

The team from Phish.ai has developed and released a Google Chrome extension that can detect when users are accessing domains spelled using non-standard Unicode characters and warn the users about the potential of a homograph attack.

Source: Chrome Extension Detects URL Homograph (Unicode) Attacks