Man’s Popular Website Homograph Attacked on His Punycode

Are Your Fat Fingers Letting You Get Robbed?

We jest, but Homograph Attacks are an increasingly serious problem.

Google calls this the “URLephant in the Room” and has an update that protects you from URL imposters.

If you fall victim to one of these lookalike URLs, you will often find yourself on the receiving end of a phishing or malware attack.

Even with this update, as a website owner, you may still want to evaluate your website name for attacks like these to protect your visitors.

Avoiding a Homograph Attack

Google’s Canary release for Chrome 70 contained a new feature you can enable called “Navigation suggestions for Lookalike URLs”.

If you mistype a URL, Chrome will show a message suggesting the site it thinks you wanted to visit.

Just Deserts or Just Desserts?

(No, this isn’t the Chrome message.)

This protects you against a class of attacks known as domain name homograph attacks. One form is typosquatting, such as paypai.com for paypal.com.

Protect Your Punycode

You are also protected against another homograph technique that abuses punycode, the ASCII encoding used to represent Unicode characters in domain names (think “Citibänk” instead of “Citibank”).

This obscures domains while displaying the same or similar text for a link (xn--80ak6aa92e.com – a domain translation made from Chinese characters – becomes apple.com in your browser).

You can turn this protection on by entering the URL below in the address bar, and selecting the option to enable:

chrome://flags/#enable-lookalike-url-navigation-suggestions

Go Deep on Punycode and Homograph Attacks – Click Here

What’s a Website Owner To Do?

To protect your brand and reputation from homograph attacks, you could hire an internet security firm.

For More on Impact to Brand Risk – Click Here

They would scan the web for lookalike domains related to your branding and trademarks. They’d also monitor new domain name registrations and flag suspicious ones.
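Here is an added example (not code from this post or from any tool it mentions) of the kind of check such a scan runs over a list of observed domains. It assumes the brand is paypal.com from the typosquatting example above, treats the first label as the registered name, and uses a small constructed lookalike table and constructed sample domains; all function names are hypothetical.

```python
import unicodedata

# Constructed, tiny Cyrillic->Latin table; real use would load Unicode's confusables.txt.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}

def decode_label(label):
    """Return the Unicode form of a DNS label, decoding punycode (xn--)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw label
    return label

def scripts(text):
    """Approximate each letter's script from its Unicode character name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def skeleton(text):
    """Fold known lookalike characters to the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text.casefold())

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand="paypal.com"):
    """Return 'homograph', 'typosquat' or None (assumes name is the first label)."""
    cand = decode_label(candidate.split(".")[0])
    name = brand.split(".")[0]
    if cand.casefold() == name:
        return None  # the brand itself
    if skeleton(cand) == name and scripts(cand) != {"LATIN"}:
        return "homograph"  # looks identical but uses non-Latin letters
    if edit_distance(skeleton(cand), name) <= 1:
        return "typosquat"  # one character away from the brand
    return None

# Constructed sample input: the brand, the post's typo example, an IDN lookalike, a benign name.
IDN_FAKE = "xn--" + "payp\u0430l".encode("punycode").decode("ascii") + ".com"
SAMPLES = ["paypal.com", "paypai.com", IDN_FAKE, "example.com"]
print({d: classify(d) for d in SAMPLES})
```

Decoding the `xn--` label before comparing is what catches the punycode case: the raw ASCII form looks nothing like the brand, while the decoded form is visually identical to it.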

If you run a larger enterprise, you will also want to analyze your internal networks for any vulnerabilities.

On a limited budget? You could go to this domain checker to cover the most obvious imposters:

Hold Integrity Domain Checker

Background on the Domain Checker Tool – Click Here

Puny or Punny?

Yes, we made a bit of a joke of it, but now you know about Homograph Attacks and how you can protect yourself and your website from those URL impostors!

But Wait! There’s More!

The fun hasn’t ended yet. Check out this Justin Bieber Parody.
