
IDN Homograph Attacks: Guard Against Look-Alike Websites


Have you ever looked at a word and thought it seemed just a little… off? Imagine receiving an email from your college asking you to log in through a provided link. The URL appears similar to your company’s page, yet something doesn’t quite match upon closer inspection. This scenario is a classic example of an IDN homograph attack. This post will explain what it is, how it works, and how to protect yourself from such attacks.

Let’s break it down.

‘IDN’ means Internationalized Domain Name. The internet uses domain names in many scripts – from commonly used Latin characters to Greek, Chinese, and Cyrillic scripts, among many others. While this diversity is fantastic for global accessibility, it unfortunately also creates opportunities for bad actors.

A “homograph” refers to visually similar characters from different scripts. For instance, the Latin character ‘a’ (code U+0061) looks identical to the Cyrillic character ‘а’ (code U+0430). To a computer, however, they are different characters with different code points.

Put together, the “IDN homograph attack” describes a cybersecurity exploit. The attackers use these similar-looking characters from different scripts to create misleading domain names. These domains mimic the appearance of legitimate, familiar domain names and can trick users into believing they are visiting a trusted site. In the process, you could land on a malicious site designed for phishing.

Now, let’s see how this happens. We’ll look at two emails to show how an IDN homograph attack happens in real life.

[Image: IDN homograph attack example 1]

The ‘Example 1’ and ‘Example 2’ emails may look the same at first, but there’s an important difference in the URLs in these messages. In the email labeled ‘Example 1’, what seems like a lowercase ‘l’ (L) in the URL is an uppercase ‘I’ (i). This subtle change sends users to a different website than the one they expect.

Consider the IDN homograph attack example of “biuegrid.io,” which mimics “bluegrid.io.”

[Image: IDN homograph attack example 3]

In this example, the attack exploits the visual similarity between the ‘biuegrid’ and ‘bluegrid’ domains.

To an unsuspecting eye, email addresses from ‘Example 1’ ([email protected]) might appear nearly identical to the email address [email protected] from ‘Example 3’. This similarity can easily lead to confusion.

These are straightforward and explicit illustrations of IDN homograph attacks. They show how easily these attacks can happen and remind us always to be careful.
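The two cases described above (a Cyrillic ‘а’ standing in for a Latin ‘a’, and “biuegrid.io” imitating “bluegrid.io”) can be checked automatically. The following is an added example, not code from the original post: it decodes punycode labels, flags labels that mix scripts, and compares a domain against a list of protected names. The `CONFUSABLES` map, the function names and the sample domains are assumptions made for illustration, and the script detection is a heuristic based on Unicode character names.

```python
import unicodedata

# Small constructed look-alike map (assumption, far from complete);
# the full table is confusables.txt from Unicode UTS #39.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic а, е, о
    "\u0440": "p", "\u0441": "c", "\u0445": "x",   # Cyrillic р, с, х
    "i": "l", "1": "l", "0": "o",                  # ASCII look-alikes
}

def to_unicode(host):
    """Lower-case a hostname and decode any punycode (xn--) labels."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(host):
    """Fold look-alike characters onto one representative character."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in to_unicode(host))

def check(host, protected):
    """Return findings for host, compared against a list of protected domains."""
    findings = []
    uni = to_unicode(host)
    for label in uni.split("."):
        found = scripts(label)
        if len(found) > 1:
            findings.append(f"mixed-script label {label!r}: {sorted(found)}")
    for good in protected:
        if uni != good and skeleton(uni) == skeleton(good):
            findings.append(f"look-alike of {good}")
    return findings

if __name__ == "__main__":
    # Constructed samples: Cyrillic 'а' + Latin 'pple', and the page's example.
    spoof = "xn--" + "\u0430pple".encode("punycode").decode("ascii") + ".com"
    for host in (spoof, "biuegrid.io", "bluegrid.io"):
        print(host, "->", to_unicode(host),
              check(host, ["bluegrid.io", "apple.com"]))
```

A mixed-script finding alone is only a signal, since some legitimate names combine scripts; the look-alike match against your own domains is the stronger indicator.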

As promised at the beginning, let’s now explore how we can safeguard ourselves from these attacks.

1. Teach and Learn:

Make sure employees and customers know about these risks. Give them clear instructions on how to recognize safe, official messages.

2. Register Similar Domains:

To stop others from using similar names, brands should register domains that look like their name, including common misspellings.

3. Watch Your Brand Online:

Use tools on the internet to keep an eye on where and how your brand’s name is mentioned. This helps you find out quickly if someone is misusing your name.

4. Boost Online Visibility:

Improve website SEO to secure a top search result spot, even for brand name abbreviations.

5. Consistent Branding:

Always use the same style and logo in all your messages, websites, and ads. This helps people tell the difference between your actual site and fake ones.

[Image: IDN homograph attack example 3]

If you need help with these steps (1-5) or setting up a similar alerting system, feel free to Contact Us. Our team is here to help.

Mile Stojaković


Navigating the intersections of cutting-edge technology domains at BlueGrid.io.
