A security risk lurks where you’d least expect it

According to Retruster, 76% of businesses reported being victims of a phishing attack in 2019. While this startling number shows that they’re unfortunately common, not all phishing attacks are created equal.

There’s a particularly sneaky form of phishing on the rise: the use of homographs in domains. This type of attack evades many of the common cybersecurity measures because it’s not visible to the naked eye and it’s not always covered in standard IT cybersecurity training.

Homographs: The hidden threat

Homographs are fraudulent lookalike domain names that substitute letters or numbers with characters from Latin, Greek, and Cyrillic script tables for the purpose of malicious activity. Cybercriminals can even convert their site into HTTPS and obtain a valid SSL/TLS certificate for these lookalike domains, making them appear more legitimate. 

At first glance, these domain names look like valid sites from well-known brands, so they don’t arouse the suspicion they might if their domain name looked unfamiliar.

 

The malicious use of homographs is especially relevant during the coronavirus pandemic. As seen with past natural disasters and the ensuing panic, phishing attacks are being used to redirect funds meant for COVID-19 relief efforts. According to The Wall Street Journal, the World Health Organization receives daily reports of virus-related phishing attempts. 

Domain security is a crucial piece of the security puzzle

This is a crucial time to gain more industry knowledge around the best ways to thwart this dangerous behavior. One solution? Use domains that come with homographic blocking built in. 


TrueNameTM domains from Donuts Inc. include a robust security technology—at no additional cost to customers—that thwarts malicious domain imposters before they strike. This proactive protection prevents homographs by blocking homographic variations of a domain. Read more about Donuts’ response to homograph abuse.

Prevent homograph abuse with the right domain

Try it yourself: Think of a potential domain using one of the 240+ TrueName domain extensions listed here. Then enter that TrueName domain into the Homograph Spinner tool to see how many homographic variations are or would be blocked at no charge to you. (Entering the domain “security.expert” reported 359 homographs blocked for that domain.)

While you’re evaluating best practices and cutting edge security technology for your organization or your customers, don’t forget to take this simple, preventative step of protecting your domain. Choose a TrueName domain that’s not only memorable and on brand, but that also blocks impostors from the start.