Convincing Google homographic domain impersonation opens door to MiTM, Phishing

Labeled as domains in Domain Industry News, started by Lox, Mar 16, 2020


  1. Lox

    Lox _____ VIP Gold Account

    Likes Received:
    Using homographic characters is an easy way to execute a convincing fake site.

    Researcher Avi Lumelsky set out to see how easy it would be to set up a phishing page that used homographics to impersonate legitimate sites. As he explained in a posting this week, “homographic characters look like ASCII letters, but their encoding is different, in a way that is usually not noticeable for the human eye.”

    As an example, this URL uses a homographic character as its first character: “ɢ” That can be compared to the legitimate “” font — there’s a barely discern-able difference.
    Lumelsky noted that a few years ago someone bought the homographic-including “ɢ” to use it for phishing purposes.

    “I wondered to myself: There are new top-level-domains every year. Did the world learn from the ɢ acquisition? How hard is it to create a good Google phishing website from scratch?”

    Setting out to find out, the researcher turned to the main domain registrars – GoDaddy, Namecheap and even Google Domains – to first see if he could snag appropriate URLs. He found the process to be so simple that a basic search resulted in a dozen suggestions for available domain names, including ɢ; ɢ; ɢ; ɢ and even ɢ, all for what Lumelsky said was a “great” price. He purchased a handful of them, using an obviously fake identity that included “Not Google :)” as the company name.

    After that, he was able to set up a virtual private server in the cloud to host the domains; and he also requested a LetsEncrypt certificate to “safeguard” traffic to and from the sites – and get around security red flags from browsers. Chrome for instance showed the domains as “Secure” (with a lock icon) thanks to the certificate.

    “Now, one can use https:// links to gain trust, while providing malicious content,” Lumelsky said.

    read more > (threatpost) read more > (medium)
    The views expressed on this page by users and staff are their own, not those of NamePros.

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice