
Homograph Phishing: Spoofing URLs with Similar Characters

N2K Networks · December 8, 2025 · 6 min · 12 views

Understanding Homograph Phishing

  • 💡 Homograph phishing is a social engineering technique that tricks users by using similar-looking characters in a phishing URL to spoof a legitimate site.
  • 🎯 The term "homograph" refers to words spelled the same but with different meanings, while "phishing" is the act of tricking users into believing they are interacting with a trusted entity.

The Role of Unicode in Homograph Attacks

  • 💻 Unicode is an encoding standard that supports over 144,000 characters, enabling text in many languages, unlike the limited ASCII standard.
  • ⚠️ Homograph (or homoglyph) attacks exploit Unicode by inserting characters from different languages into URLs, producing addresses that appear identical to the human eye.
  • 🔍 A common example is replacing the Latin letter 'O' with the Cyrillic letter 'O', which look the same but lead to different sites.

Typo Squatting vs. Sophisticated Attacks

  • 👾 Typo squatting involves simple character replacements, like using a zero for the letter 'O', which are easier to spot.
  • 🚀 More sophisticated homograph attacks use Internationalized Domain Names (IDNs) to insert characters from different languages.
  • ⚠️ While these IDN homograph attacks require more effort and custom domain registration, they are a viable option for highly motivated threat actors.
  • 🛡️ Most modern browsers are moving away from displaying Unicode characters directly in favor of their ASCII equivalents, making these attacks less common but still possible.
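
A defender-side check for the distinction drawn above, as an added example that is not from the video: it converts a hostname to the ASCII form that browsers fall back to and flags labels that mix scripts. The hostnames are constructed samples, and the function names are hypothetical.

```python
import unicodedata


def scripts_in_label(label):
    """Scripts used by the letters of one DNS label.

    The script is taken from the first word of the Unicode character
    name, e.g. "LATIN SMALL LETTER O" vs "CYRILLIC SMALL LETTER O".
    Digits and hyphens are ignored.
    """
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in label
        if ch.isalpha()
    }


def to_ascii(hostname):
    """ASCII (Punycode, "xn--") form of a hostname via Python's idna codec."""
    return hostname.encode("idna").decode("ascii")


def analyze(hostname):
    """Summarize homograph indicators for one hostname."""
    labels = hostname.split(".")
    return {
        "ascii": to_ascii(hostname),
        "non_ascii": not hostname.isascii(),
        # A label mixing scripts (Latin plus Cyrillic, say) is the
        # classic IDN homograph signal. A label written entirely in one
        # non-Latin script is not flagged here, only marked non_ascii.
        "mixed_script_labels": [
            l for l in labels if len(scripts_in_label(l)) > 1
        ],
    }


if __name__ == "__main__":
    # Constructed samples: plain ASCII, a zero-for-O typosquat, and a
    # label where the Latin "o" is replaced by Cyrillic "о" (U+043E).
    for host in ("login.example", "l0gin.example", "l\u043egin.example"):
        print(repr(host), analyze(host))
```

The zero-for-O typosquat stays pure ASCII and passes this check, so it has to be caught by eye or by similarity matching; the Cyrillic lookalike is exposed by both its `xn--` form and the mixed-script flag.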

Nerd Reference: Mission Impossible Masks

  • 🎭 The Mission Impossible franchise is used as a metaphor, where the rubber face masks created by the IMF team are akin to homographs.
  • 🤝 These masks allow IMF members to impersonate others, enabling them to "fish" for information from targets who are unguarded around seemingly familiar individuals.