Phishing with Punycode: Beware!

Punycode is a method for converting a domain name into an alternate format using only ASCII characters. For example, the URL "пример-сайта.рф" will have the following appearance in Punycode: "xn ---- 8sbarojrwjdmo.xn-p1ai." Most likely, you have already encountered such URLs.

Domains in Unicode create a certain security problem, because Unicode characters are difficult to distinguish from traditional ASCII characters. For example, you can register a domain "xn--pple-43d.com", which will be the equivalent of "apple.com". At first glance, everything is fine, but here we use Cyrillic "a", not ASCII "a". This fact is based on attacks using IDN-omographs.

Modern browsers allow you to defend against attacks with IDN-omographs. For example, Google Chrome displays a URL in the Punycode format, if the domain name contains characters from several different languages. However, you can simply bypass this filter: you can register a domain in which only Cyrillic characters are used. As a result, identifying the site as fraudulent is quite difficult - you need to carefully check the URL and SSL certificate.

Fortunately, this bug has been fixed in the version of Chrome 58. Firefox users still remain vulnerable, as browser developers believe that domain registrars should deal with this problem. To protect yourself from cybercriminals in Firefox, just go to about: config and set network.IDN_show_punycode to true. As a result, Firefox will output IDN-domains in the Punycode format, which will help to immediately determine chameleon domains.

Protection against these fakes - the installation EV SSL-certificate

SSL certificates with domain verification do not allow you to get all the visual signals that cause users to trust the site. Attackers can easily obtain such certificates and install them on their IDN-domains created to steal valuable information from users. To reduce the risk, it is enough to switch to EV SSL-certificates.

EV SSL certificates allow you to display the name of the organization in the address bar of the browser, which cannot be done with any other SSL certificates. Imitations for sites of large banks, financial institutions, payment systems, etc. are very common. Protection from this is the installation of EV SSL from a trusted certificate authority. You can always buy the best EV SSL certificates at favorable prices in our shop. Caring for your customers is the first step towards creating a clean reputation in the network and, as a result, the rapid growth of sales!