The risks around IDN Homographs are “significant and growing” according to research by Farsight Security.
Its research around IDN lookalike domain names (also called Homographs) over a 12-month period focused on 466 top global brands across 11 vertical sectors. From this, it found 8000 IDN Homographs representing or containing a top global brand name, and 91% offering some sort of webpage and “clear violations of the ICANN Guidelines for the Implementation of Internationalized Domain Names.”
The company explained that IDNs enable a multilingual internet by allowing users to register and use domain names in almost any written language. As IDN homographs are easy to register and often go undetected by traditional security solutions, these lookalike domains are increasingly being used to commit phishing and other malicious activities.
Dr. Paul Vixie, CEO, chairman and co-founder of Farsight Security told Infosecurity that it initially published a report about this at the start of the year “as we had a theory that this was happening.
“Everybody who is supposed to govern the internet here is supposed to follow rules that preclude this from happening, but they don’t have a way to enforce it,” he said. “So you’re not supposed to be able to use a non-English character in the middle of an English word as that is prohibited by the contracts that they all signed with each other, but no one enforces it. The more we looked the more we found.”
Vixie went on to say that it is critical that organizations identify and manage potential risks to their brands, including IDN homographs, as in most cases “IDN homographs are registered with the purpose to infringe on brands owned by other people/organizations.”
He added: “Our research shows that IDN homographs are often new IDN-based registrations of pre-existing brands; they're not used to ‘replace’ a given website: rather they are often used to create new websites which are, in some (usually malicious) cases, phishing sites of the brands they are lookalikes for.”