Let’s take a quick test: launch any web browser and open this link: https://аррӏе.com. A green lock symbol confirms that it’s a secure connection, and it says “Secure” next to it as well, as added reassurance. What is the best defense against a phishing attack? Generally, checking the address bar after the page has loaded and confirming that it is being served over a valid HTTPS connection. Right? Well, this is what we have been taught all our lives!
The answer is in that URL. It may look like it reads “apple”, but that’s a bunch of Cyrillic characters: A, Er, Er, Palochka, Ie.
The security indicator is genuine enough; however, all it confirms is that you have a secure connection to аррӏе.com, which tells you nothing about whether you’re connected to a legitimate site or not.
Because Unicode characters can be difficult to distinguish from common ASCII characters, this becomes a security loophole. Let’s see how it works!
Punycode Phishing Attacks
Many web browsers use “Punycode” encoding to represent Unicode characters in the URL to defend against homograph phishing attacks. Punycode is a special encoding used by the web browser to convert Unicode characters to the limited character set of ASCII (A-Z, 0-9) supported by the International Domain Names (IDNs) system.
This loophole allowed the researcher to register the domain name xn--80ak6aa92e.com and bypass that protection: the domain is displayed as “apple.com” by all vulnerable web browsers, including Chrome, Firefox, and Opera, while Internet Explorer, Microsoft Edge, Apple Safari, Brave, and Vivaldi are not vulnerable.
Some browsers watch out for such tricks and show the underlying domain name if they sense mischief. A typical approach is to reject any domain name containing multiple alphabets. However, that doesn’t work if the whole name is written in the same alphabet.
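Why the mixed-alphabet check misses a name written in a single alphabet can be seen in a short Python sketch. This is an added example, not code from the original article or from any browser; the LOOKALIKES table is a small constructed subset of Cyrillic letters, and the function names are hypothetical.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones (assumption
# for this example; it is not a complete confusables table).
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
              "\u0456": "i", "\u0458": "j", "\u04cf": "l"}

def decode_label(label):
    """Return the Unicode form of one DNS label (Punycode labels start with xn--)."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Alphabets used in a label, read from the first word of each letter's Unicode name."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in label if ch.isalpha()})

def analyse(hostname):
    """Report every non-ASCII label with its alphabets and any all-ASCII lookalike."""
    findings = []
    for raw in hostname.split("."):
        label = decode_label(raw)
        if label.isascii():
            continue
        used = scripts(label)
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in label)
        findings.append({
            "label": raw,
            "unicode": label,
            "scripts": used,
            "mixed_script": len(used) > 1,  # the multiple-alphabet check
            "ascii_lookalike": skeleton if skeleton.isascii() else None,
        })
    return findings

if __name__ == "__main__":
    # The article's domain, a constructed mixed-alphabet name, and a plain name.
    for host in ["xn--80ak6aa92e.com", "\u0430pple.com", "example.com"]:
        print(host, analyse(host))
```

For the article's domain, mixed_script stays False because every letter is Cyrillic, while ascii_lookalike still resolves to an all-ASCII string.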
How to Protect Yourself from Phishing Attacks
Firefox users can follow the steps below:
- Type about:config in the address bar and press Enter.
- Type Punycode in the search bar.
- The browser settings will show a parameter titled network.IDN_show_punycode
- Right-click it and select Toggle to change the value from false to true.
Unfortunately, there is no such setting available in Chrome or Opera to disable Punycode URL conversions manually, so Chrome users might have to wait a few more weeks to get the patched Stable 58 release.
In the meantime, one of the best ways to protect yourself from homograph attacks is to use a good password manager that comes with browser extensions, which automatically fill in your login credentials for the actual domains to which they are linked.