Unfortunately, internet scams just seem to be getting more and more sophisticated these days. Cold-calls and other cons are a thing of the past now. With the continued technological advancement of the internet, online banking and supposedly secure payment portals, scammers have a veritable bounty of potential revenue streams with which to swindle unsuspecting users. Suffice to say, criminals they are taking full advantage of every loophole they can find and exploit.
A phishing scam is a term you’re probably already familiar with; in Layman’s terms works like this; someone sends an email that tells recipients to click through to a link, or download something via what appears to be a legitimate-looking URL. However these URLs will typically contain typos that will clue you into the nature of the fake link. Some of these typos are subtle, some are obvious, but all of them can be spotted if you’re attentive enough.
You’d hope that reading the content of the email would alert the majority of potential scam victims that something’s amiss when the typos start appearing. However, a new type of phishing scam is far more difficult to detect, and could therefore cause even the most savvy and street-wise internet users to fall afoul of these schemes.
A homograph attack is a new and more sophisticated method of phishing, which sends an email containing a URL that will look all-but identical to the real deal.
Here’s how it’s done; a homograph attack works by replacing all of the letters in the URL link with other letters from other alphabets, like Cryllic. This means that a seemingly meaningless combination of letters and punctuation written in unicode can be translated – using a tool known as punycode – into what is referred to as American Standard Code for Information Interchange, which transforms the code back into a readable URL in English.
This means that entirely benevolent URL codes are completely indecipherable from potentially harmful ones; a worrying concept for internet users everywhere.
Thankfully, though, there is a relatively simple solution you can use to protect yourself against such attacks. If you do receive an email you aren’t certain about that tells you to click on a URL link, do not click it. Rather, internet users should type out the URL into their browser; if the link is legitimate, this method should take you to the site. Although slightly more time consuming, this preventative measure could stop you from a massive online headache of malware and viruses.
Xudong Zheng, who has highlighted the potentially damaging phishing scam, does reassure us all by saying that homograph attacks are pretty rare, due to the fact that, once a Cryllic-based URL is flagged, it is essentially rendered obsolete. Unfortunately, though, Zheng does add that such sophisticated attacks aren’t often necessary – he says that many users are being scammed by schemes far less complex and time-consuming.
I suppose it is a hazard of the technologically advanced world in which we find ourselves, and you’d like to hope that the benefits of the internet far outweigh the potential risks and pitfalls.