Hackers ‘Using International Characters To Create Scam Sites’

Researchers find an upsurge in scam sites with lookalike international characters in the domain name

The use of multilingual characters in domain names to trick users into visiting malicious websites is a rapidly growing security problem, researchers have found.

The international characters, designed to allow domain names to be registered in nearly any language, are being widely abused to create addresses that resemble those of known websites.

Criminals substitute international characters for individual letters in a known domain name, creating fake addresses that are difficult to spot.

Any lower case letter can be represented by up to 40 different international variations, said Farsight Security.

Financial fraud

Banking and financial sites are a particular target, but other areas include insurance, e-commerce and retail, cryptocurrency exchanges, tech firms, and children’s brands such as Lego and Haribo, Farsight said.

In a new report Farsight said that of more than 100 million internationalised domain names it had analysed, about 27 percent were scam sites.

Internationalised domain names (IDNs) are an increasingly popular way to carry out scams because regulations around their use are usually not enforced, the report found.

For instance, ICANN’s guidelines prohibit the insertion of an international character in the midst of an English-language word, but registrars rarely enforce the rule, according to Farsight chief executive Paul Vixie, one of the principal creators of the internet’s domain name system (DNS).

Scam surge

“IDN homographs are largely undetected – as a result, bad guys can abuse these key DNS assets,” Vixie said in a statement.

San Mateo-based Farsight carried out a study on IDN abuse earlier this year and the new report builds on that research, confirming that so-called homograph attacks are a “significant and growing” problem.

Sixty-six percent of the look-alike domain IP addresses were geolocated in the United States, with 91 percent offering some form of webpage, Farsight said.

Smartphone users are particularly vulnerable to homograph attacks, since smaller screens make the hoax sites more difficult to spot, according to the study.

Farsight argued the lack of regulation means it’s up to companies with well-established brands to police scam sites themselves.

Security company Wandera also said it had seen a surge in the use of scam domains created using different ways of forming characters, including a near-doubling in the scam use of the punycode encoding method.
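The two mechanisms the article describes, substituting a look-alike international character for a letter in a known name and hiding the result behind punycode (the `xn--` form a browser actually resolves), can both be checked for on the defender's side. The script below is an added illustration and is not Farsight's or Wandera's tooling: it decodes punycode labels, flags labels that mix scripts (the mixing that ICANN's guidelines are said to prohibit), and collapses known confusable characters into an ASCII "skeleton" so a domain built entirely from Cyrillic letters, which a script-mixing check alone would pass, can still be matched against a brand watch list. The confusable map, the brand list and the sample domains are constructed for the example and are deliberately partial (Unicode TR39 maintains the full confusables table).

```python
"""Flag IDN homograph look-alikes of a small brand watch list.

Added example, not code from the article or from Farsight/Wandera.
The confusable map and brand list below are constructed and partial.
"""
import unicodedata

# Constructed, partial excerpt of non-Latin letters that render like ASCII ones.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
}

# Constructed watch list of brands to protect.
BRANDS = {"apple.com", "paypal.com", "lego.com"}


def decode_label(label):
    """Turn an A-label (xn--...) into its Unicode form; plain labels pass through."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def to_unicode(domain):
    """Decode every punycode label of a domain name."""
    return ".".join(decode_label(lab) for lab in domain.strip(".").split("."))


def scripts(label):
    """Set of scripts used by the letters of a label (first word of the Unicode name)."""
    found = set()
    for ch in label:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return found


def skeleton(label):
    """Map confusables to ASCII and strip accents so look-alikes collapse together."""
    out = []
    for ch in label:
        ch = CONFUSABLES.get(ch, ch)
        # NFKD then drop combining marks: 'e' with an acute accent becomes 'e'.
        for part in unicodedata.normalize("NFKD", ch):
            if not unicodedata.combining(part):
                out.append(part)
    return "".join(out).lower()


def analyse(domain):
    """Return the decoded name, its skeleton and a list of findings for a domain."""
    uni = to_unicode(domain)
    labels = uni.split(".")
    findings = []
    for lab in labels[:-1]:  # the TLD itself is not checked for mixing
        used = scripts(lab)
        if len(used) > 1:
            findings.append(f"mixed scripts {sorted(used)} in label {lab!r}")
    skel = ".".join(skeleton(lab) for lab in labels)
    if skel in BRANDS and uni.lower() != skel:
        findings.append(f"looks like {skel}")
    return {"unicode": uni, "skeleton": skel, "findings": findings}


if __name__ == "__main__":
    # Constructed samples: a mixed-script look-alike in punycode form, an
    # all-Cyrillic look-alike, and the genuine brand.
    for sample in ("xn--pple-43d.com", "\u0430\u0440\u0440\u04cf\u0435.com", "apple.com"):
        print(sample, "->", analyse(sample))
```

The skeleton comparison is the check worth keeping: a domain spelled entirely in Cyrillic letters contains no script mixing at all, so a registrar rule against mixed scripts would not stop it, yet its skeleton still collides with the brand name.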

Wandera found gangs were using messages sent via mobile apps to trick targeted groups of people into clicking on lookalike links.

It found people using smartphones were three times more likely to fall for these and other phishing scams, the BBC reported.
