Image result for homograph attack

Apple.com was a recent domain to be ‘spoofed’ by a homograph attack.

A homograph attack is where a domain name is purchased which appears identical to the official domain, except using Greek/Cyrillic characters. The danger of this is that these characters appear exactly the same as standard Latin characters.

These homograph attacks have become very popular recently as they’re much easier to hide. Prior to homograph attacks, scammers would generally change a hyperlink to look like a genuine address. Now, scammers are able to use a genuine domain name which is identical to the original (well, in appearance at least).

Adam Berry, Support Engineer at Riverbank IT says “Homograph attacks are becoming increasingly common and even the most tech-savvy users can be fooled by these attacks. Users are presented with a realistic domain name which they’re familiar with (e.g. google.com) and that ‘hover over the link’ protection approach doesn’t suffice in these scenarios. It is essential that we are aware of the sites that we’re visiting and the risks associated with entering sensitive information in online forms. There are a few things that you can check to help prevent yourself being victim to scammers, and I’ll list these below.”

  1. Invest in an email filtering service like Riverbank Email Protect that checks emails for any malicious links in real time
  2. Does the site that you’re visiting have an SSL certificate? You can verify this from the ‘Green Padlock’ featured in major web browsers. Scammers are less likely to use an encrypted site, however obtaining SSL certificates is easier today than ever before.
  3. Do you see the site re-direct to another address? Is there anything suspicious about the site – are any of the images distorted; are any of the links invalid? This could indicate potential risks with the site.
  4. Open another tab and manually type the address that the link took you to. Your keyboard will use ‘Latin’ characters and may return a different result to the Cyrillic address. Are the sites identical? Look out for small differences (typos, different favicons etc.). This doesn’t verify the legitimacy of the re-directed site though. Scammers can steal code from legitimate webpages to create replicas.
  5. If your browser warns you that the site you’re visiting is insecure, it’s probably right! If you ignore warnings from your web browser, then proceed with caution. 

If you’re in doubt about any links/content you’ve received, contact Riverbank IT. We can perform a thorough check of hyperlinks and webpages to verify legitimacy.