A Quick Guide to the IDN Homograph Attack
The IDN (Internalized Domain Name) homograph attack, also known by the names “homoglyph” and “script spoofing,” is a method in which an attacker deceives victims by making them believe that the site they are visiting is a genuine one.
Attackers exploit this by putting up domains whose names contain more-or-less similar characters resembling the real characters: for example, using a zero instead of an O. Due to lookalike characters, a victim tends to believe they’re visiting the real site and end up giving these fake sites their credit card details, login credentials, and so on.
In a nutshell, attackers are able to register lookalike domain names by exploiting the similar appearance of certain characters in English, Chinese, Latin and Greek or other scripts.
Leveraging Homograph Attacks
A character is differently viewed by a browser and user. This is due to the fact that computers support multilingual logical characters; hence, it is very easy to make a user get confused.
One example of such attacks is where Cyrillic characters are used. Cyrillic, whose characters resemble certain other letters in the Latin alphabet (for example, the Cyrillic letter which makes the V sound looks just like a Latin B), can easily be used to spoof domain names.
Generating IDN Homograph Attacks
We can use many online tools to generate such lookalike domains. Most of them create homoglyphs by using lookalike Unicode characters.
Real-Time Attack Scenario
First, visit this URL: infosecinstitute.com. You will be probably redirected to this site’s homepage.
Now visit this URL: infοѕecinstitute.com. You will be redirected to http://xn--nfsecnstitute-fpj5fx045a.com/
Surprised? That’s exactly what attackers do. They simply register a new domain and then make you believe that you are on the real site. The spoof site may then get passwords and other personal details.
Defending from Homograph Attacks
Most of the defenses against homograph attacks include the display of IDN (internalized domain names) in their Punycode format, thus drastically reducing phishing possibilities. Both Chrome and Firefox have taken adequate measure in their algorithms. ICANN has implemented a policy which prevents registering domains resembling the existing domains.
Though homograph attacks have reduced now, there still remain endless possibilities for attackers to develop more complex spoofing domains. In the end, it goes down to the user to keep eyes open to any danger in the World Wide Web.
You can read what Google has to say about these attacks here.