An Internationalized Domain Name (IDN) can combine characters from several Unicode scripts, and because the Latin and Cyrillic alphabets contain many similar-looking letters, such a domain can look identical to an ordinary ASCII domain. Unicode domain names are therefore problematic from a security point of view: many Unicode characters are hard to distinguish from regular ASCII characters. Phishing attacks with Internationalized Domain Names (IDNs) use characters from non-Latin scripts such as Cyrillic and Greek that look like typical Latin characters.
Phishing emails sent to Outlook from an IDN cause a severe problem. The recipient cannot distinguish the real email address from the fake one, and is also shown the contact card of a genuine professional contact, which is a privacy issue, because the card displays the details of the person being impersonated. If the email comes from a look-alike domain, Outlook shows the contact card of the person registered on the legitimate domain, or an equivalent address, instead of the fake sender. Thus the problem with Outlook is that the recipient of a phishing email from an IDN cannot tell the actual email address from the fake one, and views the “contact card” of a “professional contact”, i.e. the details of the “victim” instead of the attacker.
What Are IDN Attacks?
Domain owners can register multiple versions of their domains, such as ASCII and IDN versions, to enhance user experience and prevent counterfeiting. Fake domain names resembling legitimate websites can lead users to counterfeit websites that collect confidential user information. The ability to register domains with identical-looking characters, mainly from Arabic character sets, provides a versatile attack space from which malicious actors can operate.
In short, attackers can register doppelganger domain names by exploiting the similar appearance of certain characters in English, Chinese, Latin, Greek, and other scripts. Punycode-encoded domains can be designed to resemble trusted domains by using homographic characters or different character sets. This attack uses internationalized domain name homographs, relying on users not noticing that Unicode characters have replaced the Latin (ASCII) ones they resemble.
The attacker hosts a malicious site, attracts potential victims, and exposes them to exploits and malware downloads; the user is none the wiser about what is about to happen and has no way to realize that the domain name is wrong.
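As an added illustration of the Punycode and homograph mechanism described above (example code written for this topic, not code from the researchers, Microsoft, or any browser vendor), the following Python checks a sender's domain the way a defender's mail filter might: it decodes any `xn--` labels, reports labels that mix scripts, and reports single-script labels that spell a Latin word once a small, assumed subset of Unicode's confusables table is applied.

```python
import unicodedata

# Subset of Unicode confusables (assumed here; the full list is Unicode's confusables.txt).
LATIN_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u0501": "d", "\u04cf": "l", "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",
}

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding Punycode (xn--) if present."""
    if label.startswith("xn--"):
        return label.encode("ascii").decode("idna")
    return label

def scripts_in(label):
    """Scripts used by the letters of a label, read from the Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def classify_domain(domain):
    """Classify a domain as 'ascii', 'mixed-script' (a label mixes e.g. Latin and
    Cyrillic), 'latin-lookalike' (a single-script label that spells a Latin word once
    lookalike letters are mapped) or 'idn' (a genuine non-Latin name). The two middle
    verdicts are homograph suspects. Returns (verdict, decoded, skeleton)."""
    labels = [decode_label(l) for l in domain.lower().split(".")]
    decoded = ".".join(labels)
    skeleton = "".join(LATIN_LOOKALIKES.get(c, c) for c in decoded)
    if decoded.isascii():
        return "ascii", decoded, skeleton
    if any(len(scripts_in(l)) > 1 for l in labels):
        return "mixed-script", decoded, skeleton
    if skeleton.isascii() and skeleton != decoded:
        return "latin-lookalike", decoded, skeleton
    return "idn", decoded, skeleton

def check_sender(address):
    """Run classify_domain on the domain part of an e-mail address."""
    return classify_domain(address.rsplit("@", 1)[1])

if __name__ == "__main__":
    # Constructed sample addresses, not taken from the article.
    samples = [
        "alice@example.com",
        "alice@ex\u0430mple.com",                       # Cyrillic a in a Latin label
        "alice@" + "ex\u0430mple.com".encode("idna").decode("ascii"),  # same, as xn--
        "billing@\u0430\u0440\u0440\u04cf\u0435.com",   # all-Cyrillic spelling of apple
        "kontakt@m\u00fcnchen.example",                 # genuine Latin-script IDN
    ]
    for addr in samples:
        print(addr, "->", check_sender(addr))
```

Note that a whole-label lookalike such as the all-Cyrillic "apple" passes a mixed-script check, which is why the skeleton comparison is needed in addition to it.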
What Happened In MS Outlook’s Case?
According to reports from two different security researchers, Microsoft Outlook is unprotected against phishing attacks using international domain names (IDNs). Phishing campaigns use Microsoft Outlook to deceive people into believing that fake emails originate from genuine contacts. Earlier this month, infosec professional and pen-tester Dobby Wankenobi showed how he could trick the address book component within Microsoft Office into displaying accurate contact information even though the sender's fake email address uses an IDN. Microsoft's response states that the vulnerability has not been fixed and points out that this type of phishing attack is unsuccessful with Outlook Web Access (OWA). According to Manzotti, senior consultant at Dionach, Outlook does not verify such encoded domains, allowing attackers to fake valid contacts within the target organization.
The problem of IDN-based phishing websites made headlines in 2017 when web application developer Xudong Zheng demonstrated that the modern browsers of the time did not recognize them. Unicode domains are problematic for security because many Unicode characters are difficult to distinguish from standard ASCII characters, and research has shown that sophisticated phishing attacks using IDN homographs are possible.
Do You Need to Take Any Precautionary Measures?
IDN-based homograph attacks, also known as homoglyph or script-spoofing attacks, are a method by which an attacker deceives victims into believing that the page they are visiting is genuine.
The best client-side defense against such attacks is to ensure that web browsers do not support IDNs. Chrome and other popular browsers try to balance their IDN policies so that legitimate IDNs can appear as valid domains while users are protected from confusing homograph attacks.
Attacks Like These Prove Why Phishing Awareness Training Is Important
Phishing awareness training educates end-users about the specific phishing threats they encounter in their daily work. It has become a necessity for safeguarding an organization's valuable information assets against the phishing threats posed by malicious actors.
Phishing awareness training is essential for employees so that they know what is legitimate and what is not. It plays a crucial role in preventing employees from becoming vulnerable to attackers. Verizon Communications Inc.'s Data Breach Investigations Report found that 94% of malware was delivered via email and that one-third of all breaches involved manipulation of employees via phishing attacks. Further, it showed that one-third of all cyber-attacks are attributable to phishing scams, and the number jumps to 78% if cyber-espionage attacks are included. Also, human error caused 85% of data breaches, and 61% of breaches involved leaked credentials. In one such case, a security researcher at Akamai spotted a phishing scam in which Netflix customers were asked for payment details, for example by embedding an advertised tweet that redirected users to a genuine-looking PayPal login page. Another phishing instance involved an email that appeared to be from United Parcel Service Inc. (UPS) with an alleged tracking link that motivated 21% of the users to reply to it. Such incidents keep emphasizing how vital phishing awareness training is in helping employees recognize an attempt to trick them.
Another report revealed that phishing attacks are the most widespread and have risen by 63% since the pandemic.
In essence, without a state-of-the-art training strategy, employees will not be capable of detecting and thwarting such phishing and social engineering attempts.
Final Words
The problem with Outlook phishing emails sent from IDNs is that the recipient cannot distinguish the fake email address from the actual one and may view a legitimate contact's contact card. External-sender email alerts and email signing are further steps organizations should take to deter phishing attacks, besides preparing employees with the best training sessions.