Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Non-Latin Character Domain Name Support spells phishing problems

ISACA : 03 November, 2009  (Technical Article)
ISACA comments on the ICANN announcement concerning international language support for domain names which could lead to serious phishing threats
Newsletter featured story - sign up for our free weekly editorial newsletter here

Currently web addresses are composed of western, Latin-based characters. ICANN's announcement of International Domain Names (IDNs) will support non-Latin characters including Mandarin, Arabic, Hindu and Cyrillic. ICANN is also discussing Generic top-level domains (such as .com and .org) which will eventually be expanded from its current list of 21 to include almost any word, in almost any language.

This could lead to a significant increase in phishing attacks, with attempts to confuse users by replacing conventional web addresses and Top Level Domains with non-Latin scripts." According to According to, Glyphs representing certain characters from different scripts might appear similar or even identical. For example, in many fonts, Cyrillic lowercase A ('a') is indistinguishable from Latin lowercase A ('a').

There is no way to tell visually that 'example.com' and 'example.com' are two different domain names, one with a Latin lowercase A in the name, the other with a Cyrillic lowercase A. An unscrupulous host site can use this visual ambiguity to pretend to be another site in a spoofing attack.

Just when we think we have got people aware about the dangers of Phishing and advice that says do not click on links in emails, it now becomes even more important. Now more than ever people should type in the address of the website thy wish to visit in their browser or go directly to the IP address. If you do not know what is on the website of the URL you are going to visit before you visit it or click on a link, you should ask "Why are you going there?"

Peter Wood advises organisations and individuals that they should also check that the web security technology they have in place will protect them and will be able to recognise the new character sets to ensure that they will not be directed to a spoof or malicious site.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo