Internationalized Domain Names and Homograph Attacks

by Camella
With normal spoofing, a scammer tries to get personal information by sending fraudulent emails that masquerade as coming from an official website the recipient might be working with.  While some fall for the deception, many know better, since the domain name in the email doesn't resemble the domain name they usually use to access that site.  However, what happens if a domain name looks exactly like that of an official website?

This, in combination with a more 'professional' email, could trick someone into giving away all of their personal data.  And when this happens they will eventually become victims of identity theft.  But, how can a scammer acquire a domain name that looks official?  It's through the unfortunate practice of the homograph attack.

What is a homograph attack?  A homograph attack is when a person makes an internationalized domain name (also known as an IDN) look like a traditional domain name associated with a popular website.  They are able to do this because of the way internationalized domain names work.  Basically, internationalized domain names use a different type of encoding system than the ASCII-based domain names Americans are used to.

However, even with a different coding system, some languages have characters that look similar to characters used in American English.  Scammers exploit this by taking these letters and creating domain names that look 'new' to browsers and servers, at least in terms of coding.  To the human eye, these fraudulent domain names appear to already be taken, which is exactly what a scammer wants.  They cause further confusion by creating sites that look pretty much like the sites associated with the original domain name that the scammers are spoofing.

Before and even after internationalized domain names became popular, homograph attacks were carried out by spoofing with just English characters.  Scammers exploited the visual similarities between 'O' and '0' or 'I' and 'l'.  Examples include 'G00Gle.com' or 'PayPaI.com'.  If a person is not paying attention, they could still become a victim, but at least these types of domain names still look unusual.  With internationalized domain name homograph attacks, the above-mentioned domain names could look just as they are supposed to, fooling even the most vigilant Internet user.

So, how can a person avoid becoming a victim of an internationalized domain name homograph attack?  First, they should never click on any domain name that is given through an email.  Instead, they should enter the domain name manually into their browser.  In situations where one is working with a third-level domain that could be harder to remember, Internet users need to copy and paste the domain name into Notepad.  This program will help them determine what character set and encoding is being used for the domain name.  If it's not English and ASCII, a person should be wary.
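The character-set check described above can also be scripted. The following is an added example, not part of the original post: it reports, for each label of a domain name, whether it is pure ASCII, which scripts its characters come from, and the ASCII (`xn--`) form the name resolves under. The function names and the sample domains are constructed for illustration, and the script detection is a rough heuristic based on Unicode character names.

```python
import unicodedata

def script_of(ch):
    """Rough script of a character: first word of its Unicode name (heuristic)."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and '-' are shared
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_domain(domain):
    """Return one report per label: ASCII-only?, scripts seen, ASCII (xn--) form."""
    report = []
    for label in domain.rstrip(".").split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        try:
            # Python's built-in codec implements IDNA 2003 encoding.
            ascii_form = label.encode("idna").decode("ascii")
        except UnicodeError:
            ascii_form = None  # label cannot be encoded as a valid IDN
        report.append({
            "label": label,
            "ascii_only": label.isascii(),
            "scripts": sorted(scripts),
            "mixed_scripts": len(scripts) > 1,
            "ascii_form": ascii_form,
        })
    return report

def is_suspicious(domain):
    """Apply the post's rule: any non-ASCII label deserves a closer look."""
    return any(not r["ascii_only"] for r in inspect_domain(domain))

if __name__ == "__main__":
    # Constructed samples: the first contains U+0430 (Cyrillic 'a'),
    # the second is the ASCII-only lookalike mentioned in the post.
    for name in ["p\u0430ypal.example", "PayPaI.com"]:
        print(repr(name), "suspicious:", is_suspicious(name))
        for r in inspect_domain(name):
            print("   ", r)
```

ASCII-only lookalikes such as 'PayPaI.com' pass this check, so it complements careful reading of the name and does not replace it.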

In conclusion, internationalized domain name homograph attacks can cause a lot of havoc for Internet users.  However, Internet users should find comfort in the fact that, while they do need to be aware of the homograph attack, the traditional method of spoofing, which is much easier to spot, tends to be more common.  This is because a person must be both clever and lucky to land an internationalized domain name that looks that much like a domain name that is already in use.  It's much easier for scammers to try to fool people through email hyperlinks.
