Phishing Scam Abuses Unicode Domains
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
Web application developer Xudong Zheng is sounding the alarm about a new and particularly hard-to-spot kind of phishing attack. It takes advantage of a feature in Chrome, Firefox and Opera that enables the browsers to use foreign characters in domain names. So, for example, https://www.xn--80ak6aa92e.com/ looks like https://www. аpple.com in the browser bar. "It may not be obvious at first glance, but 'аpple.com' uses the Cyrillic 'а' (U+0430) rather than the ASCII 'a' (U+0061)," Zheng writes. "This is known as a homograph attack."
Zheng set up a proof-of-concept site to demonstrate how phishing attackers could have used the technique to send visitors to a malicious site.
Microsoft Edge and Internet Explorer are not susceptible to the technique because they do not have support for Cyrillic languages. Apple's Safari browser is also immune.