Homoglyphic attacks - The dangerous game with characters
Homoglyphic (also known as homographic) attacks are a sophisticated form of cyberattack in which attackers use similar-looking characters from different writing systems to create deceptively real-looking phishing websites or fraudulent emails. This type of attack is becoming increasingly important because it is difficult to detect and poses significant security risks.
Definition and explanation
This type of attack refers to the misuse of characters that look the same or almost the same in different fonts, but have different encodings or meanings. In URLs or email addresses, a homoglyphic attack can result in a user being taken to a fake website that looks deceptively similar to the real site.
Techniques of homoglyphic attacks:
- Visual deception: Use of visually identical characters, e.g. “1”, “l” (lower case L) and “I” (upper case i), or “rn” and “m”.
- International characters: Use of characters from non-Latin scripts (e.g. Cyrillic, Greek) that look similar to Latin letters, e.g. the Greek ο (omicron) and the Latin o.
- Unicode manipulation: Use of characters from the Unicode character set that change the display, e.g. by using the right-to-left override (RLO), which ensures that the letters after it are output in “reverse” order (i.e. from right to left).
Impact and risks
Homoglyphic attacks can have far-reaching consequences, especially for companies that rely on their online presence. Phishing attacks, identity theft and financial losses are just some of the potential risks. As such attacks are often difficult to detect, they can cause great damage before they are discovered.
For users, the main risks are identity theft, compromise of accounts (e.g. email, bank) or loss of sensitive data, which could lead to subsequent blackmail attempts.
For companies, the risks are even more serious:
- Reputational damage: Companies whose brands or domains are misused for such attacks can suffer significant reputational damage. Once an attack becomes known, customer trust can be impaired in the long term, with a significant negative impact on business.
- Financial losses: Companies usually have to bear the costs of fixing the security vulnerabilities and dealing with the consequences themselves.
- Legal consequences: Companies can face legal problems if they do not take sufficient measures to protect their customers from such attacks. This can lead to fines and civil proceedings, especially in the context of data protection laws.
These attacks are particularly dangerous in sectors such as finance, e-commerce and public administration, where sensitive data needs to be protected.
Protective measures
Fortunately, there are various ways to protect yourself against homoglyphic attacks:
Modern security software uses automation and AI systems to detect suspicious activity in real time and block phishing attempts. These technologies also analyze URLs for homoglyphic attacks by identifying unusual character patterns and alerting users to potential threats.
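The following sketch shows what such a URL check can look like for the techniques listed earlier (look-alike ASCII characters, Greek and Cyrillic letters, the right-to-left override). It is an added example, not code from this article or from any product: the function names, the small `CONFUSABLES` table and the protected domain `example.com` are constructed assumptions, and the script detection is a heuristic based on Unicode character names.

```python
import unicodedata

# Bidirectional control characters, including the right-to-left override (U+202E).
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")

# Small constructed confusables table (assumption for this example); a production
# check would use the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {"\u03bf": "o", "\u043e": "o", "\u0430": "a", "\u0435": "e",
               "\u0440": "p", "\u0441": "c", "1": "l", "I": "l"}


def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def skeleton(label):
    """Fold look-alike characters to one representative so spoofs compare equal."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    return folded.lower().replace("rn", "m")


def analyze_hostname(host, protected=("example.com",)):
    """Return a sorted list of findings for one hostname (empty list = nothing flagged)."""
    findings = set()
    if any(ch in BIDI_CONTROLS for ch in host):
        findings.add("bidi-control")
        host = "".join(ch for ch in host if ch not in BIDI_CONTROLS)
    labels = []
    for label in host.split("."):
        if label.lower().startswith("xn--"):  # punycode form of an IDN label
            try:
                label = label[4:].encode("ascii").decode("punycode")
                findings.add("punycode")
            except UnicodeError:
                findings.add("invalid-punycode")
        scripts = {script_of(ch) for ch in label if ch.isalpha()}
        if len(scripts) > 1:  # e.g. Latin mixed with Cyrillic or Greek
            findings.add("mixed-script:" + "+".join(sorted(scripts)))
        labels.append(label)
    decoded = ".".join(labels)
    for good in protected:
        if decoded.lower() != good and skeleton(decoded) == skeleton(good):
            findings.add("lookalike-of:" + good)
    return sorted(findings)
```

A label written entirely in one non-Latin script is not mixed-script, so it is only caught by the skeleton comparison against the protected list.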
Multi-factor authentication (MFA) provides additional protection for accounts and data by requiring multiple verification steps. Even if an attacker manages to determine the password to an account, access still requires one or more additional verifications, e.g. entering a code sent to a specific, predetermined device.
Registrars play an important role in identifying and disabling fraudulent domains, monitoring suspicious activity and taking swift action to block or remove phishing websites.
Employees should be regularly informed about how such attacks can take place. Knowledge of social engineering is essential in order to recognize these attacks at an early stage. In addition to advice on “common sense”, this includes encouraging employees never to allow themselves to be put under pressure.
Conclusion
Homoglyphic attacks are an underestimated but effective method of deceiving users and stealing data. They use the visual similarity of characters to mislead people. As they are often difficult to recognize, it is all the more important to remain vigilant and take protective measures. Companies should act proactively to protect their customers and employees.
Jens Reichardt
Business Development Executive
E-Mail: jreichardt@spirit21.com
Jens is an expert in the field of device management and Modern Workplace. Whether it’s iOS, Android, Windows or macOS, you are in the best hands with Jens if you have any questions.