Chinese security researcher Xudong Zheng has demonstrated a new variant of the homograph phishing attack that works against essentially every Internet user, including people who are already familiar with phishing and other attacks.
Homograph / Punycode Phishing Attack
According to Zheng, all of the popular web browsers, including Chrome, Firefox and Opera, were affected. An attacker can register a look-alike domain and make the address bar display the name of the site being impersonated, so the victim has no obvious way to recognise the phishing page. The address bar can be made to read apple.com, google.com or amazon.com while the page itself is the attacker's, which makes it easy to harvest passwords and other sensitive information.
The standard advice for avoiding phishing is to check the address bar for a fake domain name. But that check fails when the domain name displayed is identical to the one you intended to log in to.
Homograph Attack Chrome – IDN Homograph Attack Example
Zheng published a proof-of-concept page that shows the attack in action; it drew heavy traffic as readers went to see the demo for themselves.
In his blog post, Xudong Zheng puts it this way: "It becomes impossible to identify the site as fraudulent without carefully inspecting the site's URL or SSL certificate."
In short: if your browser shows apple.com in the address bar while the page content is clearly not Apple's, your browser is vulnerable to the homograph attack.
Wordfence published a similar demonstration in which the address bar reads epic.com while the page content belongs to the demo site rather than to Epic.
History & working of the homograph phishing attack
The homograph attack was first described in 2001. The idea is to replace characters in a domain name with Unicode characters that look identical. The address bar then shows what appears to be the legitimate URL, but the domain is a completely different one, controlled by the attacker, which asks for your login or other sensitive details.
Many Unicode characters from the Greek, Cyrillic and Armenian alphabets, all permitted in internationalised domain names, look the same as Latin letters to a human reader but are entirely different characters to the machine.
For example, the Cyrillic "а" (U+0430) and the Latin "a" (U+0061) are different code points, but they render as the same "a" in every browser.
Browsers use Punycode to represent Unicode domain labels, and showing the Punycode form is what defends against the homograph attack. Punycode is the encoding defined by the Internationalized Domain Names (IDN) system for converting a Unicode label into an ASCII string prefixed with "xn--"; the DNS only ever sees that ASCII form.
Zheng explains that browsers display the Unicode form of a domain only if all of its characters come from a single script (for example, all Cyrillic), and fall back to showing the raw Punycode if scripts are mixed. The flaw is that a label built entirely from Cyrillic characters that happen to look like Latin letters passes the single-script check and is rendered as Unicode.
As a result, if you register the domain xn--80ak6aa92e.com, whose label is made up only of Cyrillic look-alikes, every vulnerable browser displays it as apple.com.
Zheng reported the issue to the leading browser vendors so that it could be fixed; Chrome shipped a fix in version 58.
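To make the mechanics above concrete, here is a small added Python example (not code from Zheng's post or from any browser) that converts between Unicode and Punycode domain forms, models the single-script display rule the browsers were using, shows why the all-Cyrillic apple.com look-alike passes it, and applies a confusable-folding check that catches it. The CONFUSABLE_TO_LATIN table is a hand-built, deliberately partial map and is not the Unicode confusables.txt data real browsers use; treating all ASCII as "Latin" is also a simplification of the real script rules.

```python
import codecs
import unicodedata

# Constructed test domains. ZHENG_DOMAIN is the all-Cyrillic look-alike from the
# article (а р р ӏ е + .com). LOOKALIKE_EPIC is built from Cyrillic е р і с to
# resemble epic.com, as in the Wordfence demo described above.
ZHENG_DOMAIN = "\u0430\u0440\u0440\u04cf\u0435.com"
LOOKALIKE_EPIC = "\u0435\u0440\u0456\u0441.com"
MIXED_SCRIPT = "\u0430pple.com"  # Cyrillic а followed by Latin pple

# Hand-built, partial map of Cyrillic letters that render like Latin letters in
# common fonts. Illustrative only; NOT the Unicode confusables.txt data.
CONFUSABLE_TO_LATIN = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u04bb": "h",  # CYRILLIC SMALL LETTER SHHA
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
}


def to_ascii(domain):
    """ACE form: every non-ASCII label becomes 'xn--' + RFC 3492 Punycode."""
    out = []
    for label in domain.split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + codecs.encode(label, "punycode").decode("ascii"))
    return ".".join(out)


def to_unicode(domain):
    """Inverse of to_ascii: decode every 'xn--' label back to Unicode."""
    out = []
    for label in domain.split("."):
        if label.startswith("xn--"):
            out.append(codecs.decode(label[4:].encode("ascii"), "punycode"))
        else:
            out.append(label)
    return ".".join(out)


def scripts_in(label):
    """Scripts used in a label, taken from the first word of each character's
    Unicode name (e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC').
    Simplification: all ASCII counts as LATIN."""
    scripts = set()
    for ch in label:
        scripts.add("LATIN" if ch.isascii() else unicodedata.name(ch).split()[0])
    return scripts


def browser_display(domain, show_punycode=False):
    """Model of the pre-fix address-bar rule: render Unicode only when every
    label is single-script, otherwise fall back to Punycode. show_punycode=True
    models a browser configured to always show the Punycode form."""
    if show_punycode:
        return to_ascii(domain)
    uni = to_unicode(domain)
    if any(len(scripts_in(label)) > 1 for label in uni.split(".")):
        return to_ascii(domain)
    return uni


def skeleton(domain):
    """Fold confusable letters to their Latin look-alikes so that a spoofed
    name collides with the real one."""
    return "".join(CONFUSABLE_TO_LATIN.get(ch, ch) for ch in to_unicode(domain))


def is_lookalike(domain, protected):
    """True if domain is not itself a protected name but folds to one."""
    uni = to_unicode(domain)
    return uni not in protected and skeleton(uni) in protected


if __name__ == "__main__":
    ace = to_ascii(ZHENG_DOMAIN)
    print("ACE form:          ", ace)                      # xn--80ak6aa92e.com
    print("Single-script rule:", browser_display(ace))     # rendered as Unicode
    print("Punycode forced:   ", browser_display(ace, show_punycode=True))
    print("Mixed script:      ", browser_display(MIXED_SCRIPT))  # falls back to xn--
    print("Skeleton:          ", skeleton(ace))             # apple.com
    print("Look-alike?        ", is_lookalike(ace, {"apple.com"}))
```

The single-script rule is satisfied by the all-Cyrillic label, so `browser_display` returns the Unicode string that renders as apple.com, while the mixed-script example is pushed back to Punycode. Folding confusables first, as `skeleton` does, is the kind of check that distinguishes the look-alike from the real domain regardless of script.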
Prevention from the homograph phishing attack
Firefox users can make the browser always show the Punycode form of a domain, which exposes the attack in the address bar:
- Type about:config in the address bar and press Enter.
- Type punycode in the search bar.
- The preference network.IDN_show_punycode appears; its default value is false.
- Double-click it to toggle the value to true.
With that setting, the look-alike domain appears as xn--80ak6aa92e.com instead of apple.com. Unfortunately there is no equivalent setting for Chrome and Opera; users of those browsers had to wait for an updated version (Chrome fixed the issue in version 58), or rely on an extension in the meantime.
A good password manager is also a strong defence against this kind of attack. Password managers match saved credentials against the exact domain, so if a site appears to be apple.com or amazon.com but your password manager does not offer to fill in your login, treat that as a sign that you are on a look-alike domain and leave the page.