Cybercriminals have come up with a smart way to fool people: they change real letters in website addresses to characters that look almost the same This article explores website real threat. . Homoglyph attacks are what these are called, and they are becoming more and more common on the internet.
Changing just one character can trick both people and security tools into thinking a fake website is real. The threat includes a lot of different kinds of attacks, such as spear-phishing, brand impersonation, Business Email Compromise, and software supply chain manipulation. Companies should protect themselves from these attacks by using multiple layers of security. Email gateways and web proxies must change Unicode to a standard format and show Punycode warnings when they find links that look suspicious.
Until they are properly reviewed, DNS filtering systems should treat xn-- prefixed domains that are new as high-risk.
Certificate transparency monitoring should let security teams know when certificates are given out for domains that look a lot like trusted brands. Organizations should register common lookalike domain names that are similar to their own brand names from a policy point of view. All sensitive services must use multi-factor authentication, and any requests for money or credentials must also go through a second verification process.
Brand monitoring programs should keep an eye on domain registrations and abuse reports in almost real time. To help users become more aware, phishing simulations that include realistic homoglyph scenarios should be run on a regular basis. To stay ahead, you need to always be on the lookout, have strong technical controls, and have users who know what to look for before clicking any link. To learn more about ZeroOwl, check out our website or follow us on Twitter @ZeroOwl_Security or Facebook at Facebook.com/ZeroOwlSecurity.
For private help, you can call the Samaritans at 08457 90 90 90, go to a Samaritans branch near you, or visit www.samaritans.org.
