Using homographic characters is an easy way to execute a convincing fake site.
Researcher Avi Lumelsky set out to see how easy it would be to set up a phishing page that used homographics to impersonate legitimate sites. As he explained in a posting this week, “homographic characters look like ASCII letters, but their encoding is different, in a way that is usually not noticeable for the human eye.”
As an example, this URL uses a homographic character as its first character: “ɢoogle.news.” That can be compared to the legitimate “google.news” font — there’s a barely discern-able difference.
Lumelsky noted that a few years ago someone bought the homographic-including “ɢoogle.com” to use it for phishing purposes.
“I wondered to myself: There are new top-level-domains every year. Did the world learn from the ɢoogle.com acquisition? How hard is it to create a good Google phishing website from scratch?”
Setting out to find out, the researcher turned to the main domain registrars – GoDaddy, Namecheap and even Google Domains – to first see if he could snag appropriate URLs. He found the process to be so simple that a basic search resulted in a dozen suggestions for available domain names, including ɢoogle.company; ɢoogle.email; ɢoogle.tv; ɢoogle.life and even ɢoogletranslate.com, all for what Lumelsky said was a “great” price. He purchased a handful of them, using an obviously fake identity that included “Not Google
” as the company name.
After that, he was able to set up a virtual private server in the cloud to host the domains; and he also requested a LetsEncrypt certificate to “safeguard” traffic to and from the sites – and get around security red flags from browsers. Chrome for instance showed the domains as “Secure” (with a lock icon) thanks to the certificate.
“Now, one can use https:// links to gain trust, while providing malicious content,” Lumelsky said.
read more > (threatpost) read more > (medium)
Researcher Avi Lumelsky set out to see how easy it would be to set up a phishing page that used homographics to impersonate legitimate sites. As he explained in a posting this week, “homographic characters look like ASCII letters, but their encoding is different, in a way that is usually not noticeable for the human eye.”
As an example, this URL uses a homographic character as its first character: “ɢoogle.news.” That can be compared to the legitimate “google.news” font — there’s a barely discern-able difference.
Lumelsky noted that a few years ago someone bought the homographic-including “ɢoogle.com” to use it for phishing purposes.
“I wondered to myself: There are new top-level-domains every year. Did the world learn from the ɢoogle.com acquisition? How hard is it to create a good Google phishing website from scratch?”
Setting out to find out, the researcher turned to the main domain registrars – GoDaddy, Namecheap and even Google Domains – to first see if he could snag appropriate URLs. He found the process to be so simple that a basic search resulted in a dozen suggestions for available domain names, including ɢoogle.company; ɢoogle.email; ɢoogle.tv; ɢoogle.life and even ɢoogletranslate.com, all for what Lumelsky said was a “great” price. He purchased a handful of them, using an obviously fake identity that included “Not Google
” as the company name.After that, he was able to set up a virtual private server in the cloud to host the domains; and he also requested a LetsEncrypt certificate to “safeguard” traffic to and from the sites – and get around security red flags from browsers. Chrome for instance showed the domains as “Secure” (with a lock icon) thanks to the certificate.
“Now, one can use https:// links to gain trust, while providing malicious content,” Lumelsky said.
read more > (threatpost) read more > (medium)
