When people go to pay taxes or pay for services, such as airline tickets, care needs to be taken as there are fake websites that seek to impersonate legitimate websites. Some of these fake websites can appear very similar to the legitimate ones (homographs), leading people to inadvertently provide the fake site owners with their personal data.
These types of websites use web addresses built from letters and numbers that closely resemble those of the site they are seeking to impersonate. Security firm Wandera has stated there is a “constant rise” in attacks using non-standard characters.
To achieve this, those who establish illicit websites exploit a technology known as punycode, which converts non-English characters into a more familiar format. Punycode is a representation of Unicode using the limited ASCII character subset permitted in Internet host names.
As an example, British Airways is a popular target for gangs using these attacks. The web address for the U.K.’s biggest airline is britishairways.com; under punycode, an impersonating address is presented as xn-britishairways-514g.com, a fake link to a fake website acting as a phishing domain (warning – do not type this into your web browser).
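For defenders, the same encoding can be reversed to inspect suspicious host names. The following Python sketch is an added example, not code from the article or from any vendor it mentions: it decodes labels carrying the standard `xn--` prefix, then flags mixed-script labels and labels that fold to a watched brand name. The host names, the small lookalike map and the watch list are all constructed for illustration.

```python
import unicodedata

# Tiny Cyrillic-to-Latin lookalike map, constructed for this example only.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "\u0455": "s", "\u0443": "y",
               "\u0445": "x"}

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding the xn-- form."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label  # malformed encoding: caller sees the raw label
    return label

def scripts(text):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}

def skeleton(text):
    """Fold known lookalike characters to their ASCII counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text.lower())

def check_host(host, watchlist):
    """Return (label, decoded, reasons) for every non-ASCII or xn-- label."""
    findings = []
    for label in host.rstrip(".").split("."):
        if label.isascii() and not label.lower().startswith("xn--"):
            continue  # ordinary ASCII label, nothing to decode
        decoded = decode_label(label)
        reasons = []
        if len(scripts(decoded)) > 1:
            reasons.append("mixed-script")
        if skeleton(decoded) in watchlist and decoded.lower() not in watchlist:
            reasons.append("looks-like:" + skeleton(decoded))
        findings.append((label, decoded, reasons))
    return findings

def to_ace(label):
    """Encode a Unicode label to its xn-- form (used to build sample input)."""
    return "xn--" + label.encode("punycode").decode("ascii")

# Constructed samples: "example" with a Cyrillic "a", and an all-Cyrillic word.
SPOOF_HOST = to_ace("ex\u0430mple") + ".test"
PLAIN_IDN_HOST = to_ace("\u043f\u0440\u0438\u043c\u0435\u0440") + ".test"

if __name__ == "__main__":
    for host in ("example.test", SPOOF_HOST, PLAIN_IDN_HOST):
        print(host, check_host(host, {"example"}))
```

A single-script internationalized name is reported with no reasons attached, so legitimate non-English domains are listed but not flagged as lookalikes.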
Google has indicated it will modify Chrome so that the browser warns people when they are about to visit sites it believes are fake, according to the BBC. This was announced by Google engineer Emily Stark, who discussed the development of the “evil domain” spotter at the Usenix Enigma security conference. Google has shared a beta version of the tool to help web developers test and refine it.