In our previous article How to secure you account from phishing page, we discussed about how to create and detect whether a page is a phishing page or original one. In how to defend section we mentioned that one must have to check the link(URL) where site redirects. If it is different from expecting, it means that it is a phishing page.

Researchers reported a new way of phishing attack which is almost impossible to detect. Even for careful users on web, it is difficult to detect this type of attack. In new research, a Chinese researcher has submitted a report on “Phishing with Unicode Domains“.

What Is Phishing With Unicode Domains?

Phishing with Unicode domains is new way to trap users in phishing attacks. By this method, one can even trap a most careful user on Internet.
Phishing with Unicode domains uses the method punycode, which makes it possible to register domain with foreign letters(Letters with different symbols than English).

We can use Punycoder to converts any letter into its corresponding value.

How Phishing with Punycode works?

There are several languages in the world with different symbols. Some of the symbols matches with English character for EX: аррӏе from Cyrillic characters matches with apple from English characters. There punycode value is some how different. Punycode аррӏе from Cyrillic characters  is xn--80ak6aa92e while punycode value from apple English is apple only.

punycode phishing appleWe researched for one more example of famous mailing service provider aol. Here аоӏ is similar to aol. While punycode value of аоӏ xn--80a2a18a which different from aol.

See Also:Android Banking Trojan Hiding In Apps Under Different Names: Targeting over 420 apps worldwide

How to detect and secure yourself from phishing with Unicode domain?

How to detect phishing page with Unicode domain?

To find whether it is a phishing page with unicode domain you can use following three ways:

  1. Copy the url and paste it in notepad(If you are using chrome than this method will show you the punycode version of domain)
    Note: It will not work for firefox users
  2. Convert it’s text value to its corresponding Punycode value. You can use to verify it’s punycode value.
  3. Click on information sign in url bar and then click on arrow for more information and then view certificate or cookies. By this method you will find it’s value and can verify that page is a phishing page or original one. Below are the images of steps:

    From certificates

punycode from certificate

  From Cookies

punycode phishing cookie

How to defend from a punycode phishing attacks?

Below are the steps to defend yourself from a phishing attack containing similar text using punycode method:

  1. You can use password manager. If site still asks for password than check its punycode value
  2. Most of the time try to type urls manually rather than clicking on it(Do this untill this bug will be fixed)

Have something to add ?? Please share in comments or contact us.

Follow us on Facebook, Google Plus and Twitter.