Phishing Frauds: Homographic Domains Threaten Cybersecurity

On the 19th of July 2024, numerous users worldwide experienced a significant disruption when Microsoft's services were hit by a sudden interruption. After careful investigation, it turned out that the main cause of this technical glitch was related to a problematic update of the Falcon Sensor security software, developed by the American company CrowdStrike.

Unfortunately, this incident caused a proliferation of attacks by hackers, who, pretending to be Microsoft operators intent on solving the problem, carried out all kinds of cyber attacks and phishing, i.e. the attempt to fraudulently take possession of users' personal data.
The incident once again highlighted the crucial importance of cybersecurity and the need for careful and accurate management of software updates, to prevent vulnerabilities or errors from being exploited in attacks and other cyber threats.

WHAT IS HOMOGRAPHIC PHISHING?

There are many ways in which hackers operate with phishing practices, e.g. by e-mail or sms, through which they can provide unsuspecting users with links to malicious sites that actually appear to be legitimate. This particular type of attack is called homographic phishing.
Homographic phishing attacks are a specific type of cyber attack that exploits visual similarities between different but similar typefaces, with the aim of tricking victims into believing they are visiting a legitimate website when in fact it is a fraudulent site, inducing them to enter their login credentials, personal data or financial information.

BUT HOW TO RECOGNISE HOMOGRAPHIC PHISHING ATTACKS? 

We explain it below:

• Use of similar characters: hackers register domain names that use characters that are similar to those of legitimate domains, but are actually different. For example, the character "o" (letter o) may be replaced with "0" (number zero), or the letter "l" (lower case "l") may be replaced with "1" (one).
• Use of homographic characters: this type of attack uses the Internationalised Domain Name (IDN) system, which allows domains with non-Latin characters to be registered. For example, Latin letters and Cyrillic characters that appear similar, such as "a" (Latin) and "a" (Cyrillic).

To give a practical example:

• Legitimate domain: www.domainname.it
• Homographic domain: www.d0mainname.it , where the ‘o’ has been replaced by a "0".

HOW CAN YOU DEFEND YOURSELF AGAINST HOMOGRAPHIC PHISHING ATTACKS?

• Beware of links: check links received via email or messages carefully, especially if they come from unverified sources.
• Use of security tools: modern browsers and security software can detect and warn users of possible homographical attacks.
• Use security signals: pay attention to the security signals provided by the browser, such as SSL (Secure Sockets Layer) certificates, which guarantee the transmission of information using encryption.
• Two-factor authentication: implement two-factor authentication (2FA) to add an extra layer of security to online accounts.

Homographic phishing attacks pose a significant threat as they exploit the visual similarity of typefaces to deceive users. Being aware of these techniques and taking preventive measures can help protect against such attacks, including proper user training, implementing reliable security solutions and adopting vulnerability management practices. Only through a proactive and aware approach will it be possible to reduce the risk of future disruptions and ensure robust and resilient cybersecurity.