We jest, but Homograph Attacks are an increasingly serious problem.
Google calls this the “URLephant in the Room” and has an update that protects you from URL imposters.
If you fall victim to these lookalike URLs, you will often find yourself at the wrong end of a phishing or malware attack.
Even with this update, as a website owner, you may still want to evaluate your website name for attacks like these to protect your visitors.
Avoiding a Homograph Attack
Google’s Canary release for Chrome 70 contained a new feature you can enable called “Navigation suggestions for Lookalike URLs”.
If you mistyped a URL, Chrome will provide a message with an alternative that it thinks you wanted to visit.
This protects you against a class of attacks known as domain name homograph attacks. One form is typosquatting, such as paypai.com for paypal.com.
Protect Your Punycode
You are also protected against another homograph exploitation, one that abuses punycode: how a browser displays Unicode characters in regular (ASCII) text (think “Citibänk” instead of “Citibank”).
This obscures domains while displaying the same or similar text for a link (xn--80ak6aa92e.com – a domain translation made from Chinese characters – becomes apple.com in your browser).
You can turn this protection on by entering the URL below in the address bar, and selecting the option to enable:
What’s a Website Owner To Do?
To protect your brand and reputation from homograph attacks, you could hire an internet security firm.
They would scan the web for branding and trademark related lookalike domains. They’d also monitor new domain name registrations and flag suspicious ones.
If you run a larger enterprise, you will also want to analyze your internal networks for any vulnerabilities.
On a limited budget? You could go to this domain checker to cover the most obvious imposters:
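The lookalike checks discussed in the punycode and website-owner sections can be run over a list of newly registered domains: decode any xn-- label, fold lookalike characters to ASCII, and measure the distance to your brand name. This is an added example, not code from the original post or from the domain checker it mentions; the function names and the small `CONFUSABLES` map are constructed for illustration, and input is assumed to be a registered domain of the form label.tld.

```python
import unicodedata

# Constructed, deliberately small lookalike map (assumption: production
# monitoring would load the full Unicode confusables data instead).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, ie, o
    "\u0440": "p", "\u0441": "c", "\u04cf": "l",  # Cyrillic er, es, palochka
    "\u00e4": "a",                                # Latin a with diaeresis
}

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- Punycode."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Scripts used by the letters in text (first word of each Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def skeleton(text):
    """Fold known lookalike characters to the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def edit_distance(a, b):
    """Levenshtein distance, to catch typosquats that differ by one keystroke."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand):
    """Compare the first label of a registered domain with an ASCII brand label."""
    label = decode_label(domain.split(".")[0])
    if label == brand:
        return "exact"
    if skeleton(label) == brand:
        return "homograph"
    if edit_distance(skeleton(label), brand) == 1:
        return "typosquat"
    return "unrelated"

if __name__ == "__main__":
    for d, b in [("xn--80ak6aa92e.com", "apple"), ("paypai.com", "paypal")]:
        print(d, classify(d, b), sorted(scripts(decode_label(d.split(".")[0]))))
```

A label whose `scripts()` result is not just `LATIN`, or holds more than one script, is worth a manual look even when `classify` returns `unrelated`.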
Puny or Punny?
Yes, we made a bit of a joke of it, but now you know about Homograph Attacks and how you can protect yourself and your website from those URL impostors!
But Wait! There’s More!
The fun hasn’t ended yet. Check out this Justin Bieber Parody.