NameSilo

Convincing Google homographic domain impersonation opens door to MiTM, Phishing

Labeled as domains in Domain Industry News, started by Lox, Mar 16, 2020

Replies:
0
Views:
227

  1. Lox

    Lox _____ VIP Gold Account

    Posts:
    2,507
    Likes Received:
    3,480
    Using homographic characters is an easy way to execute a convincing fake site.

    Researcher Avi Lumelsky set out to see how easy it would be to set up a phishing page that used homographics to impersonate legitimate sites. As he explained in a posting this week, “homographic characters look like ASCII letters, but their encoding is different, in a way that is usually not noticeable for the human eye.”

    As an example, this URL uses a homographic character as its first character: “ɢoogle.news.” That can be compared to the legitimate “google.news” font — there’s a barely discern-able difference.
    Lumelsky noted that a few years ago someone bought the homographic-including “ɢoogle.com” to use it for phishing purposes.

    “I wondered to myself: There are new top-level-domains every year. Did the world learn from the ɢoogle.com acquisition? How hard is it to create a good Google phishing website from scratch?”

    Setting out to find out, the researcher turned to the main domain registrars – GoDaddy, Namecheap and even Google Domains – to first see if he could snag appropriate URLs. He found the process to be so simple that a basic search resulted in a dozen suggestions for available domain names, including ɢoogle.company; ɢoogle.email; ɢoogle.tv; ɢoogle.life and even ɢoogletranslate.com, all for what Lumelsky said was a “great” price. He purchased a handful of them, using an obviously fake identity that included “Not Google :)” as the company name.

    After that, he was able to set up a virtual private server in the cloud to host the domains; and he also requested a LetsEncrypt certificate to “safeguard” traffic to and from the sites – and get around security red flags from browsers. Chrome for instance showed the domains as “Secure” (with a lock icon) thanks to the certificate.

    “Now, one can use https:// links to gain trust, while providing malicious content,” Lumelsky said.

    read more > (threatpost) read more > (medium)
     
    The views expressed on this page by users and staff are their own, not those of NamePros.

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...