By: Bill Howard - Manager of IT Services
Typosquatting, IDN homograph and Punycode attacks: Those are all ways for scammers to attempt to steal your data. Let us take a brief look at each, so you may have an idea what to look for.
Typosquatting is when a scammer creates a counterfeit website that appears identical to the genuine website, but the domain name spelling is slightly different. Different so that a user may stumble across the counterfeit website by making a typing error. For example, if you were attempting to visit google.com and happened to make a typing error like: gogle.com, googgle.com or even googel.com., these simple typing errors could take you to the counterfeit website which would present you with a fake Google homepage designed to look identical and capture data that you enter. The fake site may direct you to login, verify personal information, or even convince you that your password needs reset.
An IDN (Internationalized Domain Name) homograph attack is when a scammer has created a counterfeit website that has a name that looks remarkably like the name of a real site. An example of an IDN attack would be when the real name of the site is spelled mybuckingham.com and the IDN homograph would be spelled mybuckingharn.com. Once the counterfeit site is active, the scammer would send an e-mail or other communication with a link to the bad site, hoping the end user would not notice the misspelling. Once on the counterfeit site, you would again be prompted to enter personal data which would be captured and potentially used against you.
A Punycode attack is like an IDN attack. The attack works the same, but the approach is slightly different. Punycode attacks rely on alternate character sets used in other countries. Russia uses the 33-character Cyrillic alphabet while the U.S. uses the 26-character Latin alphabet. Our two alphabets include remarkably similar looking letters such as A, H, O, M, E, B, T, X and more. Mixing characters from both alphabets gives the illusion that you are visiting the legitimate site when in fact you are visiting the counterfeit. In this example, mybuckingham.com is presented with all Latin characters and mybuckingham.com looks the same substituting the small Cyrillic “a”.
Links to these counterfeit sites are typically included in phishing email scams. They are nearly all designed to capture login information for various sites. If you have any question that a link you were sent is counterfeit, do not follow it. It is always safer to enter the address of the desired site yourself.
Maintain vigilance and be careful of the sites you visit. Please take the time to scrutinize before clicking.