Homograph phishing scam: browsers tricked

Phishing attacks aim to trick users into giving away their personal information by forging emails from various organizations and individuals.

But what happens when it’s not just the user being tricked?

Chinese security researcher Xudong Zheng recently revealed that popular browsers such as Google Chrome, Mozilla Firefox, and Opera can all be tricked into displaying phishing sites under what look like legitimate domain names.

In his experiment, Zheng built a homograph attack: he used punycode so that browsers rendered look-alike Unicode characters as ordinary letters in the URL bar.

Punycode represents Unicode in ASCII and is used for internet host names, so it is possible to register domain names containing non-ASCII characters, such as “短.co”. This is where the problem arises: some Unicode characters are very hard to distinguish from common ASCII characters, making it hard for users to see that they are at the wrong URL.

To prove his hypothesis, Zheng registered the site xn--pple-43d.com, which appears as apple.com when displayed in Chrome, Firefox, or Opera (Internet Explorer, Edge, and Safari are not affected by this type of attack).
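As an added illustration (not part of the original article or of Zheng's own work), the following Python check decodes punycode labels the way a browser would, flags a label that mixes scripts (which xn--pple-43d.com does), and also compares a look-alike "skeleton" of the name against a list of protected brand domains, which additionally catches a label built entirely from Cyrillic letters that the mixed-script rule alone would pass. The confusable table and the protected-domain set are small constructed subsets assumed for this example.

```python
import codecs
import unicodedata

# Partial table of Cyrillic letters that look like Latin ones (constructed for
# this example; Unicode's confusables.txt is far larger).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u0458": "j", "\u0455": "s", "\u04cf": "l"}

def to_punycode_host(host: str) -> str:
    """Encode a Unicode hostname as DNS stores it: non-ASCII labels get xn--."""
    return ".".join(
        label if label.isascii()
        else "xn--" + codecs.encode(label, "punycode").decode("ascii")
        for label in host.split("."))

def decode_label(label: str) -> str:
    """Turn one DNS label into the Unicode text a browser would display."""
    label = label.lower()
    if label.startswith("xn--"):
        return codecs.decode(label[4:].encode("ascii"), "punycode")
    return label

def letter_scripts(label: str) -> set:
    """Rough set of scripts used by the letters in a label (via Unicode names)."""
    found = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                found.add("LATIN")
        else:
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def skeleton(label: str) -> str:
    """Replace look-alike letters with the Latin letter they resemble."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def check_hostname(host: str, protected: set) -> dict:
    """Flag mixed-script labels and look-alikes of protected (brand) hostnames."""
    labels = [decode_label(lab) for lab in host.rstrip(".").split(".")]
    unicode_form = ".".join(labels)
    lookalike = ".".join(skeleton(lab) for lab in labels)
    return {
        "unicode": unicode_form,
        "mixed_script": any(len(letter_scripts(lab)) > 1 for lab in labels),
        "impersonates": lookalike
        if lookalike != unicode_form and lookalike in protected else None,
    }
```

Running `check_hostname("xn--pple-43d.com", {"apple.com"})` reports the Cyrillic-a version of the name, a mixed-script label, and an impersonation of apple.com, while a genuine IDN such as 短.co passes both checks.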

If attackers used an attack like the one Zheng demonstrated, even experienced users might not spot the difference, leaving users and organizations exposed.

The best way to fight homograph attacks is to use a password manager: it matches the site's real domain name rather than the look-alike characters shown on screen, so it should only fill your credentials into the official website and not be tricked by the Unicode switch.
