The report on the study results provides a theoretical basis, examples of the malicious use of homoglyphs, statistics of homoglyphic attacks in various domain zones, as well as best practices for countering such attacks by international organizations, software developers, domain name registries and registrars, and other representatives of the expert community.
Nowadays the word "homoglyph" itself means graphically similar or identical characters with different meanings. For example, the Latin letter "o" (U+006F), the Cyrillic letter "o" (U+043E), and the Greek letter omicron "o" (U+03BF). Despite the fact that the characters look the same, they are completely different letters that have a different machine encoding.
Moreover, letters with diacritical characters are also referred to as homoglyphs, for example, the Cyrillic letters “e” (U+0435) and “ё” (U+0451), the Latin “a” (U+0061) and “a” with an acute “ á" (U+00E1). There are also compound homoglyphs, consisting of several characters. Thus, the combination of the Latin letters "rn" (U+0072 and U+006E) is visually similar to the Latin letter "m" (U+006D).
Such visual similarity of characters in Internet identifiers (in particular, in domain names and e-mail addresses) can lead not only to accidental addressing errors, but also to targeted substitution of addresses for illegal purposes.
The main threat of the so-called homoglyphic attacks is the creation of phishing resources on domain names that are as similar as possible to legitimate ones. A basic web user looking for the right resource may accidentally come to a phishing site, that scammers tried to make look like the original one. Thus, malefactors can receive confidential information and personal data of the user.
At the same time, the use of homoglyphs for malicious purposes is typical not only for IDNs and e-mail addresses, but also for domains and mail in Latin. According to the statistics presented in the study, there are significantly fewer cases of homoglyphic attacks using domain names in internationalized domain zones in the Cyrillic zone .РФ, than in traditional Latin ones, such as .COM.
The emergence of internationalized domain names and e-mail addresses has expanded the scenarios of homoglyphs abuse, but at the same time, has become an incentive for the development of new protection mechanisms, standards and recommendations for the entire global Internet community.
“Users are more comfortable using e-mail and domains in their native language, and the continued growth of linguistic diversity in the global network suggests that the internationalization of Internet addressing will only continue to develop. At the same time, users should learn to maintain online hygiene and be more digitally savvy, including in relation to various fraudulent schemes using homoglyphs. We hope that the results of our study will help users to protect themselves when working on the Internet, and the Internet community to pay attention to the cybersecurity aspects associated with homoglyphs,” said Vadim Mikhailov, technical consultant of the “Поддерживаю.РФ” project, author of the study.
