Slashdot Mirror


Scammers Abuse Multilingual Domain Names (bbc.com)

Cyber-criminals are abusing multilingual character sets to trick people into visiting phishing websites. BBC: The non-English characters allow scammers to create "lookalike" sites with domain names almost indistinguishable from legitimate ones. Farsight Security found scam sites posing as banks, loan advisers and children's brands Lego and Haribo. Smartphone users are at greater risk as small screens make lookalikes even harder to spot. The Farsight Security report looked at more than 100 million domain names that use non-English character sets -- introduced to make the net more familiar and usable for non-English speaking nations -- and found about 27% of them had been created by scammers. It also uncovered more than 8,000 separate characters that could be abused to confuse people.

Farsight founder Paul Vixie, who wrote much of the software underpinning the net's domain names, told the BBC: "Any lower case letter can be represented by as many as 40 different variations."

5 of 129 comments

  1. It's not unicode - DNS uses punycode by FeelGood314 · · Score: 5, Informative

    DNS entries are ASCII. Punycode is a way to put unicode in ASCII in a way that is sort of mostly human readable. For an English speaker (AKA ASCII character users) always set your browser to display the raw punycode and not the unicode points. For the less technical but still English speaking you should be fine as long as you only visit sites with HTTPS. No reputable CA should be signing EV certs with punycode that looks like English words. Ones that do will quickly be removed from the browsers.

    For the non-English, you're f#@ked. Seriously. This was a god-awful idea. We are going to return to an English only internet because everything else will be untrustable.

  2. disable idn in your browser... by Anonymous Coward · · Score: 3, Informative

    in firefox's about:config page

    set network.IDN_show_punycode to true

    to force Firefox to always use the punycode, e.g.:
    https://www.xn--80ak6aa92e.com...

    good write-up here (where the above example, which looks like 'www.apple.com', comes from):

    https://www.xudongz.com/blog/2...
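
An added example, not part of the thread: Python that decodes the `xn--` label quoted above, reports which scripts each label uses, and flags labels that render like a watched name. The `LOOKALIKE` map and the `watched` names are constructed assumptions, and inferring a script from the Unicode character name is a heuristic.

```python
import unicodedata

# Constructed excerpt of Cyrillic letters that render like Latin ones.
# Illustrative only; Unicode's confusables.txt is the full data set.
LOOKALIKE = str.maketrans({
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
})

def to_unicode(label):
    """Decode one DNS label; IDN labels carry the 'xn--' ACE prefix."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Approximate scripts from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if not (ch.isdigit() or ch == "-")}

def inspect(hostname, watched):
    """Return (decoded_hostname, findings) for one hostname."""
    shown, findings = [], []
    # DNS names are case-insensitive, so compare the lowercase form.
    for raw in hostname.lower().rstrip(".").split("."):
        label = to_unicode(raw)
        shown.append(label)
        found = scripts(label)
        if len(found) > 1:
            findings.append(f"{raw}: mixed scripts {sorted(found)}")
        skeleton = label.translate(LOOKALIKE)
        if skeleton != label and skeleton in watched:
            findings.append(f"{raw}: renders like '{skeleton}' using {sorted(found)}")
    return ".".join(shown), findings

if __name__ == "__main__":
    watched = {"apple", "slashdot"}  # hypothetical names to protect
    for host in ["www.xn--80ak6aa92e.com", "www.apple.com", "sIashdot.org"]:
        print(host, "->", inspect(host, watched))
```

The label from the comment is Cyrillic throughout, so a mixed-script test alone does not flag it; the comparison against watched names does. The `sIashdot.org` lookalike from later in the thread is plain ASCII and only shows up once the name is lowercased.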

  3. Re:Old news by mcswell · · Score: 3, Informative

    Right. Here's an article on the topic (and a solution) dated *2011*: https://www.symantec.com/conne.... Or read about it in the Wikipedia, with references going back to *2002*: https://en.wikipedia.org/wiki/....

    I would hazard a guess that every one of those "8,000 separate characters that could be abused to confuse people" has been known for at least a decade. News my eye.

  4. Re:Dear browser makers by Anonymous Coward · · Score: 3, Informative

    In Firefox:

    1. about:config

    2. network.IDN_show_punycode set as "true"

    This will force the display of the “raw” punycode version of internationalized domain names, with the xn- prefix so it's obvious.

    http://kb.mozillazine.org/Network.IDN_show_punycode

    It's crazy to browse without setting this true, unless you want people to spoof homographic punycoded URLs in phishing attacks on your browser.

  5. Re:Unicode is a mess by Calydor · · Score: 5, Informative

    slashdot.org and sIashdot.org can be hard to tell apart.

    I actually had to copy that into Notepad to see what you did. Well played.

    --
    -=This sig has nothing to do with my comment. Move along now=-