Globalized Domains – Will we see more tricks from Phishers and Spammers?

Posted by Minal Pithia

Mon, Dec 21, 2009

Marshall McLuhan's 1962 prediction of the "global village" is manifested today in the form of the internet, a self-governing community without borders involving the integration of different cultures.  Worldwide communication is instantaneous and the internet is becoming more global and accessible. Did you know that the first official domain name in non-Latin characters will appear in 2010?  The Bulgarian government is one of the first to register internet domains in Cyrillic. It will be interesting to see the impact this will have on the internet.

Recently, the Internet Corporation for Assigned Names and Numbers (ICANN) approved a fast-track process for implementing non-Latin domain names by early to mid 2010. As Latin characters dominated the internet, a switch to non-Latin characters will allow people from all over the world to register domains in Arabic, Mandarin, Japanese and Russian to name a few. With this new implementation it may become problematic in controlling spammers and phishers. Peter Wood, member of ISACA's Conference Committee and founder of First Base Technologies states, "While we understand the interest in expanding the characters offered in other languages, we are concerned that an increase in web site characters could lead to greater security risks and consumer fraud," As, most modern scripts have a similarity to Cyrillic scripts, many experts predict an increase in spoof URL's that confuse users into distinguishing a fraudulent site from an authentic one. For example, here is a list of characters in Cyrillic that look like Latin characters: y, k, e, x, b, a, p, o, c and g. Characters that look alike are known as homographs. The scope for homograph attacks widens, as IDN's allow for the use of full Unicode character set. One could see the implications of this as it's possible to create domains like "bank" using the lower case Cyrillic ‘a'.

Read More

Topics: ICANN, phishing scams, globalized domains

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

 Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Posts by Topic

see all