You might not have heard of the newest, and arguably, sneakiest and nastiest form of web
based phishing called Homograph Attack. The likelihood is that your web browser is doing
everything it can to protect you from these deceptive attacks. However, these fraudsters are
doing everything they can to ensure that you don’t know you’re being deceived.
The basic premise of a homograph attack is that coded URLs can be used to hoodwink the
user into thinking they’re on a legitimate and friendly website, whereas they are actually
being shown a phishing site. For example www.apple.com is a very familiar URL, but, due to
the nature of different alphabets across the globe, the actual page being displayed could be
coming from a completely different URL than what is being displayed. For example,
https://www.xn--80ak6aa92e.com/ will show up in some browsers as apple.com.
“A website address that starts with xn-- tells your browser that the domain name is encoded
using Punycode, which allows characters like ü or ñ to be displayed. It’s important that
browsers be able to do that, because a very large percentage of Internet users don’t speak
English (or it’s not their first language).”
Unfortunately this can be exploited by scammers at the expense of innocent internet users.
Although it’s good to keep in mind that your URL isn’t the be all and end all, you don’t need
to panic too much about Homograph attacks. The chances are that your web browser is
doing its best to protect you from these kind of phishing sites. Safari, Internet Explorer and
Edge won’t show https://www.xn--80ak6aa92e.com/ as Apple.com, rather as the suspicious
set of digits that it truly is. Latest news from Firefox and Chrome show that updates to their
services will probably follow suit with these phishing-busting abilities.
The best solution to defending yourself from homograph attacks and other similar phishing
scams is to check you’re doing everything you can. Firstly, always have the latest update of
the browser you’re using. Developers are constantly working to stay ahead of the scammer,
so make sure to keep your software updated. Secondly, install anti spam software such as
MailCleaner products. Thirdly, be vigilant about the sites you’re visiting. Try to avoid clicking
links in emails and instead find the sites yourself externally. Also be aware of anything about
a website that doesn’t look right. If it says it’s www.apple.com and the branding looks wrong,
or it’s riddled with spelling errors, it might be a different website completely!