Security News > 2020 > March > It has been 15 years, and we're still reporting homograph attacks – web domains that stealthily use non-Latin characters to appear legit

It has been 15 years, and we're still reporting homograph attacks – web domains that stealthily use non-Latin characters to appear legit
2020-03-04 14:00

Researchers at Soluble today said they worked with Verisign to thwart the registration of domain names that use homoglyphs - non-Latin characters that look just like letters of the Latin alphabet - to masquerade as legit domains.

First reported back in the 2000s, this technique allow miscreants to use characters that, when displayed in the browser bar, appear to show the URL of a valid site - such as Apple.com or Google.com - despite being a completely different domain name.

In the most recent case, it was found that the Unicode Latin IPA Extension characters could and were being exploited to setup lookalike domains.

Normally, it would not be possible to register domains with mixed scripts, as Verisign put protections in place years ago.

The domains are hard enough to register and set up that miscreants don't want to burn them on anything other than the highest-value of targets.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/04/homograph_attacks_still_happening/