New Phishing Tactic Imitates International Domain Names

Microsoft Office applications appear vulnerable to phishing tactics that exploit international domain names (IDNs). Affected applications include Outlook, Word, Excel, OneNote and PowerPoint. “Homograph phishing attacks are based on the idea of using similar characters to impersonate another website,” researchers at Bitdefender write. “While most of these attacks are easily recognized by end users with proper training – for example, “g00gle.com,” IDN-based homograph attacks can be identical to the domains they spoof.”

Even if a browser, after opening the link, displays the real name, the email client uses the display name in the preview window. Even users trained to check a link in an email client before clicking on it are vulnerable to this attack technique because it has not yet been translated into a real domain name in the browser. The real domain name does not become visible until the page is opened. Moreover, the website that opens even has a valid security certificate and is completely controlled by a threat actor. The most effective measure to prevent such attacks is comprehensive security awareness training for employees.