Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Homographic Domain Name Phishing Tactics

    Homographic Domain Name Phishing TacticsBitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Affected applications include Outlook, Word, Excel, OneNote, and PowerPoint.

    “Homograph (also known as homoglyph) phishing attacks are based on the idea of using similar characters to pretend to be another site,” the researchers write. “While most of them are easily recognizable by end-users with proper training (for example, g00gle.com), the homograph attacks based on international domain names (IDN) can be unrecognizable from the domains they are spoofing.”

    This technique shows that users can’t rely solely on checking the URL to ensure that they’re not visiting a phishing page.

    “Even if a browser decides to display the real name after opening the link, the email client uses the display name in the preview pane,” the researchers write. “Users, who are trained to validate a link in an email client before they click it, will be susceptible to click on it because it has not yet been translated to a real domain name in their browser. The real domain name would only be seen after the page has started to open. The website that opens even has a valid security certificate and is fully controlled by a threat actor.”

    The researchers note that this technique probably won’t become as commonplace as other phishing tactics, but it’s still worth watching out for.

    “The good news is that homograph attacks most likely are not going to become mainstream – they are not easy to set up or maintain,” Bitdefender says. “However, they are a dangerous and effective tool used for targeted campaigns by APTs (or advanced persistent threats) and high-level adversaries such as Big Game Hunting by Ransomware-as-a-Service groups– whether targeting specific high-value companies (whale phishing) or high-value themes (for example popular cryptocurrency exchanges).”

    TechRadar also reported on this attack, adding that homograph attacks abuse the internationalization of the web. "In the early days of the internet, all domain names used the Latin alphabet, which has 26 characters. Since then, the internet grew to include more characters, including, for example, the Cyrillic alphabet (used in Eastern Europe, and Russia). That gave threat actors a wide playground, as by combining different characters, they can create phishing sites whose URL looks identical to the legitimate site."

    New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to recognize social engineering attacks.

     

    Return To KnowBe4 Security Blog

    Discover dangerous look-alike domains that could be used against you! 

    Since look-alike domains are a dangerous vector for phishing attacks, it's top priority that you monitor for potentially harmful domains that can spoof your domain.

    Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting, risk indicators, and end-user assessment with training so you can take action now.

    DomainDoppelgangerResults-1Here's how it's done:

    • Get detailed results of look-alike domains found similar to your primary email domain
    • You can now quiz your users with your look-alike results
    • Get a summary PDF that contains an overview of the look-alike domains and associated risk levels discovered during the analysis
    • It only takes a few minutes to discover your “evil domain twins”!

    Find Your Look-Alike Domains!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/domain-doppelganger

    Topics: Social Engineering, Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews