Anti-phishing techniques – or how to defeat the purpose of IDNs

International Domain Names (IDNs) are attractive. They allow people to express themselves in the multitude of languages which this planet has to offer. However, they also allow scammers and phishers to trick you into believing a particular domain name is trustworthy when it is in fact a scam. The idea is that criminals could use homoglyphs to trick you into believing you are visiting a trusted domain. For example, if I write the first two letters of a pretty well-known domain name with Cyrillic letters like this: аоl.com, you won’t notice (unless your system lacks the necessary glyphs to show Cyrillic). However, a name such as xn--l-7sb6b.com (its raw Punycode form) would raise some suspicion.

In my opinion the threat is real, but the counter-measures are not well thought out. The idea of IDNs is to show domains in their native non-Latin character sets (similar systems for TLDs are in the works), so why would anyone not show them at all? Browsers such as Firefox and Internet Explorer 7 (on Vista) refuse to show the non-Latin form of an IDN if it contains certain characters.

Let’s take the domain name I recently registered, which reads сніжок.net. If you hover over the link in FF or IE, you will see this instead: http://xn--f1aihfm1k.net. The reason is simple: this IDN contains homoglyphs. So let’s dig into it a bit more.
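To see what both names above look like to a machine, here is an added example (not part of the original post, and not the browsers' actual display policy) that converts each label between its Unicode and Punycode forms with Python's built-in IDNA 2003 codec and lists the scripts and Latin look-alike letters it contains. The `LOOKALIKES` table and the function names are assumptions made up for this illustration.

```python
import unicodedata

# Constructed sample: a few Cyrillic letters that render like Latin ones.
# A real confusables table (Unicode UTS #39) is far larger.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u0456": "i", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0445": "x",
}


def scripts(label):
    """Scripts used by a label's letters, read from the Unicode character names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def inspect(host):
    """Describe every label of a host name given in Unicode or xn-- form."""
    # An all-ASCII host may carry xn-- labels: decode them to Unicode first.
    unicode_host = host.encode("ascii").decode("idna") if host.isascii() else host
    report = []
    for label in unicode_host.lower().split("."):
        found = scripts(label)
        report.append({
            "unicode": label,
            "ascii": label.encode("idna").decode("ascii"),  # Punycode form
            "scripts": found,
            "mixed": len(found) > 1,  # e.g. Cyrillic and Latin in one label
            "lookalikes": [ch for ch in label if ch in LOOKALIKES],
        })
    return report


if __name__ == "__main__":
    # The two names discussed in the post: the spoof and the Ukrainian word.
    for host in ("\u0430\u043el.com", "xn--f1aihfm1k.net"):
        for row in inspect(host):
            print(row)
```

The spoofed label mixes Cyrillic and Latin, while the Ukrainian label is Cyrillic throughout and still contains three letters from the look-alike table.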