Curious Characters Create Devious URL’s For Phishing Attacks
By: Jim Stickley and Tina Davis
December 15, 2019
There’s a word for it…homographic hack, and cyberthieves love to use them. Homographic attacks happen when hackers register a domain name using characters from other, non-Latin languages that look almost exactly like some characters used in the English language. The reason they do it is to trick users into following URL’s that have been created to look like the real deal. Once a user goes to a web address using homographs, all bets are off. The web page is designed to look exactly like what a user expects from their online site, only it’s anything but. Users hand over their account numbers, passwords, and other PII (Personally Identifiable Information) without the slightest idea they are in the wrong place–a very wrong place.
Hackers often use email phishing assaults to launch homographic attacks. The emails they send to prospective takers have a URL link that upon close inspection by the user looks legitimate. Unknown to them, hackers have already registered the domain name using Latin, Greek, and/or Cyrillic characters that are virtually impossible to spot as non-English. Researchers at Blaze Security discovered homoglyph-themed sites where hackers have total control of the website. These domains host malicious code or use phishing attacks designed to get user PII. Imagine the PII hackers get with a URL and web page designed to look exactly like your financial institution. Without realizing it, you’ve handed over your login details including your password and other account details to hackers who are ready to take the money and run.
So, what can everyday users do when hackers have made it next to impossible to tell the difference between an English “a” and a Cyrillic “a” in an authentic-looking URL? First, lookup the web address on your own and type it in the URL yourself. That will expose whether sneaky characters were used and alert you that the email and URL contained in it are pure phishing. When you’re at the true website, bookmark it so you only need to type the URL once. Bookmarking guarantees you will be safe and where you expect to be with as little effort as possible. Otherwise, double and triple-checking a URL should be the minimum users do before following any link. Carefully check spelling, looking for transposed letters, added characters, and otherwise anything that looks questionable. As we know, homographic URLs and the fake websites they promote exist for a reason–to trick and to steal. Now that you know, be proactive and protect yourself from those curious characters.