The Coordination Center for TLD .RU/.РФ has put out a new educational article in its series on Universal Acceptance (UA), dedicated to the rules of safe use of internationalized domain names (IDN).
Domain names in native languages (for example, in Russian in .РФ) are user-friendly: they are easy to remember, pronounce and write without mistakes. These are all reasons why IDNs are widespread. However, the other side of their popularity is that they attract a lot of internet criminals who want to use these domains for illegal purposes.
The article examines a typical means of IDN fraud: a homoglyph attack. During this kind of attack, domain name characters are replaced by look-alikes from different alphabets. The letter “o” is a good case in point: it looks the same in many alphabets (such as Latin, Cyrillic and Greek) but has different Unicode. People cannot tell the difference, but software can. Prohibiting the use of symbols from different alphabets in domain names and the local part of email addresses (before @) is a way to counter homoglyph attacks.
“.РФ has solved this problem: the rules of domain registration in .РФ only permit Russian letters as well as Arabic numerals and the hyphen. Mixing several alphabets is not allowed. This means the Russian domain .РФ is one of the safest with regard to homoglyph attacks,” commented Maria Kolesnikova, the Coordination Center’s chief analyst and chair of the UA Local Initiative for the CIS and Eastern Europe.
The article also explains how to recognize fake IDNs, because they can be used for phishing, namely stealing personal and other sensitive data. One of the ways is to check links with IDNs using a browser: a domain with letters from different alphabets will show in the address bar in Punycode, as a set of ASCII symbols with the prefix “xn--". This would likely mean that the URL addressed a fraudulent website, unless you came across software that could not correctly support IDNs. The authors also recommend using the hotlines of competent organizations that specialize in internet crimes.
For example, the article mentions ROCIT’s hotline. The organization, among other things, holds an annual Digital Dictation, a national education event on digital literacy. The dictation’s database includes the Coordination Center’s educational materials on Universal Acceptance.
“Phishing websites that look like originals are one of the most frequent problems Runet users that contact our hotline face, such as fraudulent online shops or numerous fake government websites. Unfortunately, it is almost impossible to rid the internet of such websites, but it’s possible to learn how to tell a real website apart from a phishing page without giving your money and personal data away to criminals. The information library has all the materials necessary to help all users learn how to protect themselves and their data on the internet,” said ROCIT Director Sergey Grebennikov.