Phishing with Unicode Domains

When visiting a domain name containing a Unicode character that visually resembles an ASCII character, your browser will transform the Unicode characters to Punycode in the address bar to prevent homograph attacks.

For example: the Cyrillic а (codepoint U+0430) looks exactly like the Latin a (codepoint U+0061). When visiting brаm.us (with the Cyrillic а in place of the Latin a), your browser will transform the URL to xn--brm-7cd.us in the address bar.

Turns out this is not always the case though:

Chrome’s (and Firefox’s) homograph protection mechanism unfortunately fails if every character is replaced with a similar character from a single foreign language. The domain “аррӏе.com”, registered as “xn--80ak6aa92e.com”, bypasses the filter by only using Cyrillic characters.

TIP: Whenever you’re in doubt about a link in a mail from a “well known party”, I recommend manually typing the URL into the address bar instead of clicking it.
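To make the two cases above concrete, here is an added example (my own code, not from the original post or the quoted article) that computes the Punycode form of a domain and classifies it the way a defensive check could: a label mixing Latin and Cyrillic (brаm.us) is a mixed-script label, while аррӏе.com is single-script but every letter has a Latin lookalike. The lookalike table is a small constructed subset of the Unicode TR39 confusables data, and Nameprep/UTS46 mapping is skipped (lowercase input assumed).

```python
import unicodedata

# Constructed subset of Unicode TR39 confusables: Cyrillic letter -> Latin lookalike.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a",  # а
    "\u0435": "e",  # е
    "\u043e": "o",  # о
    "\u0440": "p",  # р
    "\u0441": "c",  # с
    "\u0443": "y",  # у
    "\u0445": "x",  # х
    "\u0456": "i",  # і
    "\u0458": "j",  # ј
    "\u04bb": "h",  # һ
    "\u04cf": "l",  # ӏ (palochka)
}

def to_punycode(domain):
    """Address-bar form: each non-ASCII label is RFC 3492 punycode-encoded
    and prefixed with "xn--" (assumption: labels are already lowercase, so
    the Nameprep/UTS46 mapping step is skipped)."""
    labels = []
    for label in domain.split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)

def scripts_in(label):
    """Script names of the letters in a label, taken from the Unicode character
    name (e.g. "LATIN SMALL LETTER A" -> "LATIN")."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def skeleton(label):
    """Replace every known Cyrillic lookalike with its Latin counterpart."""
    return "".join(CYRILLIC_LOOKALIKES.get(ch, ch) for ch in label)

def classify(domain):
    """One of: "ascii", "mixed-script", "whole-script-confusable", "unicode"."""
    if domain.isascii():
        return "ascii"
    for label in domain.split("."):
        if label.isascii():
            continue
        if len(scripts_in(label)) > 1:
            return "mixed-script"             # Latin "br" + Cyrillic "а" + Latin "m"
        if skeleton(label).isascii():
            return "whole-script-confusable"  # single script, yet spells an ASCII name
    return "unicode"                          # genuine IDN, e.g. a CJK domain

if __name__ == "__main__":
    for d in ("br\u0430m.us", "\u0430\u0440\u0440\u04cf\u0435.com", "apple.com"):
        print(d, to_punycode(d), classify(d), skeleton(d))
```

The mixed-script check is the one browsers apply; the skeleton comparison is what additionally catches the whole-script case described in the quote.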

Phishing with Unicode Domains →

(via Jeremy)

Sidenote: Worth digging up is this tweet from 2010 by my pal Manuel:

