Hackers Are Using Unicode Characters for Phishing Attack.
A new phishing technique targets users and is not detected by the Google Chrome, Firefox and Opera browsers.
A Chinese security researcher reported a phishing attack that is impossible to detect and can be used to trick even the most careful users.
By Using Punycode
Punycode is a way to represent Unicode within the limited character subset of ASCII used for Internet host names. For example, "München" (the German name for the city of Munich) would be encoded as "Mnchen-3ya". Using Punycode, host names containing Unicode characters are transcoded to a subset of ASCII consisting of letters, digits, and hyphens (the Letter-Digit-Hyphen (LDH) subset, as it is called).
According to the researcher's blog:
From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0041). This is known as a homograph attack.
By Using an IDN Homograph Attack
The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike (i.e., they are homographs, hence the term for the attack). For example, a person frequenting citibank.com may be lured to click a link in which the Latin C is replaced with the Cyrillic С.
[Image: an example of an IDN homograph attack; the "e" and "a" are replaced with Cyrillic letters rather than Latin ones.]
This kind of spoofing attack is also known as script spoofing. Unicode incorporates numerous writing systems, and, for a number of reasons, similar-looking characters such as Greek Ο, Latin O, and Cyrillic О were not assigned the same code. Their incorrect or malicious usage makes security attacks possible.
The xn-- prefix is known as the ASCII Compatible Encoding (ACE) prefix; it indicates that the domain label is Punycode-encoded Unicode.
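As an added illustration (not code from the original article or from the researcher's blog), the following Python converts host names between the ACE (xn--) form and their Unicode form with the standard punycode codec, then applies two defensive checks of the kind a browser or mail filter can run on a link: a mixed-script check per label, and a skeleton check against a small, constructed table of Cyrillic and Greek letters that render like ASCII. The LOOKALIKES table and the function names are my own assumptions.

```python
import unicodedata

# Constructed, deliberately small table of letters that render like ASCII
# letters (a stand-in for the full Unicode confusables data, not a copy of it).
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0421": "C", "\u041e": "O", "\u039f": "O",
}

def label_to_unicode(label):
    """Decode one host label; the xn-- ACE prefix marks a Punycode label."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def host_to_unicode(host):
    """'xn--pple-43d.com' -> 'аpple.com' (Cyrillic а, U+0430)."""
    return ".".join(label_to_unicode(label) for label in host.split("."))

def host_to_ace(host):
    """Inverse: Punycode-encode non-ASCII labels and add the xn-- prefix.
    Note: real IDNA also lowercases (nameprep), so 'München' becomes
    xn--mnchen-3ya on the wire; here the raw Punycode 'Mnchen-3ya' is kept."""
    out = []
    for label in host.split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)

def label_scripts(label):
    """Script of every letter, taken from the first word of its Unicode name
    (e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC')."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(label):
    """Replace known lookalikes with the ASCII letter they resemble."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in label)

def check_host(host):
    """Return a list of findings for a host given in ACE or Unicode form.
    An empty list means neither heuristic fired (e.g. plain 'münchen.de')."""
    findings = []
    for label in host_to_unicode(host).split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            findings.append(f"{label!r}: mixed scripts {sorted(scripts)}")
        elif not label.isascii() and skeleton(label).isascii():
            findings.append(f"{label!r}: looks like {skeleton(label)!r}")
    return findings
```

Showing the ACE form from host_to_ace() to the user is what Firefox's network.IDN_show_punycode setting does; check_host() is the kind of heuristic that can decide when to fall back to that display.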
How Can We Protect Ourselves?
- Type the URL manually into the browser.
- Firefox users can limit their exposure to this bug by going to about:config and setting network.IDN_show_punycode to true.
- Chrome and Opera are still working on fixing this bug.