Is that email from citibank.com or citíbank.com?
If you think that question contains a typo, look again: the difference between those two names is the whole point, and missing it is how you become the next phishing victim.
Cybercriminals are using internationalized domain names (IDNs) to register domains containing characters outside Basic Latin. While the purpose of IDNs is to support a multilingual Internet, scammers register and use domains that look almost identical to legitimate ones. If the domain looks convincing enough, users click through, and the result is credential theft, malware, ransomware and, eventually, data breaches.
For every top global brand, threat intelligence vendor Farsight Security found nearly 20 fake domains registered, 91% of which served some kind of web page. These look-alikes are called homographic domains: names that look just like another name but are technically different. They rely on Punycode, the encoding that stores a Unicode label in DNS as an ASCII string beginning with "xn--"; mail clients and browsers may then render the decoded Unicode form, which is what the user actually sees. Take a domain such as ameriсanexpress.com. It looks harmless, as if it were all Basic Latin characters, with one critical exception: the "c" is actually the Cyrillic letter es (U+0441), which is visually identical to a Latin "c" in most fonts.
And just like that, scammers have a very convincing domain name for their next phishing campaign.
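As an added example (not code from the original post or from any vendor it mentions), the following Python script shows what a homographic domain looks like at each layer: the Punycode form the DNS actually registers, a mixed-script check on each label, and a "skeleton" comparison that folds look-alike characters back to Latin so the domain can be matched against a brand allowlist. The sample domains, the brand list and the confusables map are constructed for the example; the map is a hand-picked subset of Unicode's confusables table, and script detection from the character name is a heuristic, not a full Unicode script lookup.

```python
import unicodedata

# Constructed sample domains for this example (not taken from the original post).
# The second contains U+0441 CYRILLIC SMALL LETTER ES in place of the Latin "c";
# the third uses U+00ED LATIN SMALL LETTER I WITH ACUTE in place of "i".
SAMPLES = [
    "americanexpress.com",
    "ameri\u0441anexpress.com",
    "cit\u00edbank.com",
]

# Assumed allowlist of brands to protect (example data).
BRANDS = ["americanexpress.com", "citibank.com"]

# Hand-picked subset of Unicode's confusables table: characters that render like a
# plain Latin letter. A real deployment would load the full table.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04bb": "h",
}


def to_punycode(domain):
    """Return the ASCII form the DNS sees: each non-ASCII label becomes an xn-- label."""
    return domain.encode("idna").decode("ascii")


def script_of(ch):
    """Crude script detection: first word of the Unicode name ("LATIN", "CYRILLIC", ...)."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def is_suspicious(domain):
    """Flag a domain whose labels are non-ASCII or mix scripts; returns (flag, reason)."""
    for label in domain.split("."):
        if label.isascii():
            continue
        scripts = {script_of(ch) for ch in label if ch.isalpha()}
        if len(scripts) > 1:
            return True, "label %r mixes scripts %s" % (label, sorted(scripts))
        return True, "label %r is non-ASCII, registered as %s" % (label, to_punycode(label))
    return False, "all-ASCII"


def skeleton(domain):
    """What the domain looks like: strip accents, then fold known confusables to Latin."""
    decomposed = unicodedata.normalize("NFKD", domain.lower())
    return "".join(
        CONFUSABLES.get(ch, ch)
        for ch in decomposed
        if not unicodedata.combining(ch)
    )


def impersonated_brand(domain, brands=BRANDS):
    """Return the brand a look-alike imitates, or None if it is the brand itself or unrelated."""
    if domain.lower() in brands:
        return None
    sk = skeleton(domain)
    return sk if sk in brands else None


def scan(domains):
    """One tuple per domain: (unicode form, punycode form, suspicious, reason, imitated brand)."""
    report = []
    for d in domains:
        flagged, reason = is_suspicious(d)
        report.append((d, to_punycode(d), flagged, reason, impersonated_brand(d)))
    return report


if __name__ == "__main__":
    for row in scan(SAMPLES):
        print(row)
```

The skeleton step is what turns "looks different to a machine" into "looks the same to a human": citíbank.com is entirely Latin script, so a mixed-script check alone would not connect it to citibank.com, but its skeleton does.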
So, what can you do to stop these domains?
There are a few things you can do to reduce the likelihood that an attack using a homographic domain will be successful:
- Use an email scanner that checks domain reputation. Reputation is calculated from factors such as domain age (many scammers register a domain and start using it immediately). A low reputation score can stop an email from getting through, and vendors also maintain databases of known malicious domains to block the email before it reaches the inbox.
- Use KnowBe4's Second Chance (more on that below).
- Train employees to be watchful. An email that appears to come from americanexpress.com will not necessarily be well-written or well-presented, and its links will certainly not point back to Amex's real website. Employees who take part in security awareness training and simulated phishing tests are 37% less likely to fall victim to these scams.
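The last two points above come down to two checks a mail filter or an awareness exercise can make explicit: does the link's host use Punycode, and does the text shown to the user name a different domain than the one the href actually goes to? The following Python is an added example of both checks (it is not code from the original post and not part of Second Chance). The HTML fragment is constructed to stand in for an email body, and the "last two labels" approximation of the registrable domain is a stand-in for a proper public-suffix list.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML fragment standing in for a phishing email body (not from the original post).
# Link 1 is legitimate; link 2 has U+0441 CYRILLIC SMALL LETTER ES in the host; link 3 shows a
# real-looking URL as its text while the href points somewhere else entirely.
SAMPLE_EMAIL_HTML = """
<p>Your statement is ready. Please review it within 24 hours.</p>
<p><a href="https://www.americanexpress.com/login">americanexpress.com</a></p>
<p><a href="https://www.ameri\u0441anexpress.com/login">americanexpress.com</a></p>
<p><a href="http://203.0.113.10/amex/">https://www.americanexpress.com</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Hostname of a URL, or of bare text like 'americanexpress.com'; '' if there is none."""
    if "://" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").lower()


def registrable_part(host):
    """Crude registrable-domain approximation: the last two labels (no public-suffix list here)."""
    return ".".join(host.split(".")[-2:])


def check_link(href, text):
    """Reasons this link deserves an 'are you sure?' prompt; an empty list means none found."""
    reasons = []
    href_host = host_of(href)
    ascii_host = href_host.encode("idna").decode("ascii")
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        reasons.append("href host is Punycode: %s (displays as %s)" % (ascii_host, href_host))
    # Only treat the anchor text as a domain claim when it looks like a URL or hostname.
    text_host = host_of(text) if ("." in text and " " not in text) else ""
    if text_host and registrable_part(text_host) != registrable_part(ascii_host):
        reasons.append("link text names %s but href goes to %s" % (text_host, ascii_host))
    return reasons


def scan_email(html):
    """Return [(href, reasons)] for every link in the message that triggered at least one reason."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        reasons = check_link(href, text)
        if reasons:
            flagged.append((href, reasons))
    return flagged


if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL_HTML):
        print(href)
        for r in reasons:
            print("  -", r)
```

Running it flags the second and third links and leaves the first alone. Note that the Punycode check is done on the IDNA-encoded host rather than on the raw href, because a client may hand you either the Unicode or the xn-- form depending on how the message was composed.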
Cybercriminals will keep looking for ways to appear legitimate, and homographic domains are just the latest tactic for fooling users into becoming unwitting participants in an attack.
Wouldn't it be great if your users had a way to "roll back time" when they forgot to think before they click on a bad link?
Now they can!
We are excited to announce Second Chance, a brand-new security tool for the Outlook email client that you can download and deploy at no cost.
Second Chance lets your users make a smarter security decision by giving them a way to back out of a click on a link that could be in a phishing email. It examines the clicked URL and asks the user to confirm before opening a potentially unsafe or unknown website. It also prompts when the link contains a Punycode host.
You might ask: "What happens when my user continues or aborts?" If they abort, the prompt closes and the URL is not opened. If they continue, their browser navigates to the URL they clicked.
Here's how it works:
- Checks links originating in email messages, including attached Office documents and PDFs
- Lets you customize the message your user sees after clicking a URL
- Lets you define "No Prompt" domains that never trigger the dialog
- Provides reporting on which URLs users chose to abort or continue
There are more technical details on our support site.
Second Chance could one day be the difference between a ransomware infection and a free weekend. Give it a try!
PS: Don't like to click on redirected buttons?
Cut & Paste this link in your browser: https://www.knowbe4.com/second-chance