Homograph Attack Spoofing Apple.com Domains

Following the news that spoofed apple.com links are tricking people into visiting Russian domains in what is called a “homograph attack”, which was meant to be fixed more than a decade ago, Tim Helming, Director at DomainTools, commented below.

Tim Helming, Director at DomainTools:

“Cybersquatting–registering and using domains intended to spoof well-known entities–is a huge and global business. These homographs, which can be very hard to detect even for those who are vigilant, are just one of many techniques used by criminals to lure users into giving up credentials or other sensitive information, downloading malware, etc. To complicate matters, domain registrars generally do not put guardrails in place to prevent such registrations. Multiply the many possible homographs of any given word by the myriad top-level domains (.com, .net, etc. as well as the newer ones such as .win, .movie, and so on) and it becomes such a massive namespace that even the most highly-resourced (and targeted) companies can’t defensively register all of the possible combinations to keep them out of the hands of criminals.

On the user’s side, there are also several challenges: most of us are moving at a fast pace, often with lots of distractions, so it can be easy for users to miss cues that a domain may be dangerous. Moreover, many dangerous domains redirect users to the legitimate site after silently compromising the victim, so the victim doesn’t realize what has just happened.

The clever (mis)use of extended character sets to create look-alike domains is rampant; we have used our technology to study patterns of such domains at Internet scale, and the research confirms that companies as well as users need to be aware of and vigilant against them. Many of the domains are registered by actors who own hundreds or thousands of them–but unfortunately they often operate outside the reach of relevant law enforcement or government authorities.”
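An added example, not part of the original article or of DomainTools' tooling: a minimal Python check for the look-alike technique described in the comment above. It decodes punycode (`xn--`) labels and compares a confusable-folded form against a protected name; the mapping table, the function names and the sample domain are constructed for illustration.

```python
import unicodedata

# Small constructed subset of look-alike mappings (Cyrillic -> Latin).
# Assumption: a production check would use the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
}

def decode_label(label):
    """Return the Unicode form of one DNS label (handles the xn-- ACE prefix)."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Heuristic script detection: first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def skeleton(text):
    """Fold known look-alike characters to the Latin letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def check_domain(host, protected=("apple",)):
    """Return (label, reason) findings for labels that imitate a protected name."""
    findings = []
    for label in host.rstrip(".").split("."):
        try:
            uni = decode_label(label)
        except UnicodeError:
            findings.append((label, "undecodable punycode"))
            continue
        brand = skeleton(uni)
        # Flag only labels that fold to the brand without being the brand itself.
        if brand in protected and uni != brand:
            findings.append((label, f"looks like '{brand}', scripts={sorted(scripts(uni))}"))
    return findings

# Constructed sample: "apple" spelled entirely with Cyrillic letters, in ACE form.
CYRILLIC_APPLE = "\u0430\u0440\u0440\u04cf\u0435"
SPOOF = "xn--" + CYRILLIC_APPLE.encode("punycode").decode("ascii") + ".com"

if __name__ == "__main__":
    for host in ("apple.com", SPOOF):
        print(host, check_domain(host))
```

The same check can be run over newly observed domains in proxy or DNS logs, with `protected` set to the organisation's own brand labels.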
