Microsoft takes on homograph domains

The Internet can be a dangerous place. It seems every day we hear horror stories of hacking and phishing attacks.

And some of these dangers track back to the domain names themselves, in which appearances are deceiving. As shown below, one of these domains is legitimate and one is deceptive:

Which is legitimate and which is not? The second domain includes two numerals.

Homograph domains are domains that are technically different but appear similar. And much damage can be done if you fall for the deceptive one.

Microsoft is doing its part to go after registrars and service providers, those companies that provide such domain names as well as email services.

According to Microsoft:

These malicious homoglyphs exploit similarities of alpha-numeric characters to create deceptive domains to unlawfully impersonate legitimate organizations. For example, a homoglyph domain may utilize characters with shapes that appear identical or very similar to the characters of a legitimate domain, such as the capital letter “O” and the number “0” (e.g. MICROSOFT.COM vs. MICR0S0FT.COM) or an uppercase “I” and a lowercase “l” (e.g. MICROSOFT.COM vs. MlCROSOFT.COM). We continue to see this technique used in business email compromise (BEC), nation state activity, malware and ransomware distribution, often combined with credential phishing and account compromise to deceive victims and infiltrate customer networks.

On a side note, one of the major criticisms against internationalized domain names (IDNs) is that they will lead to less secure domains. But as you can see here, even plain old combinations of Latin characters and numerals can be used to deceive. IDNs don’t necessarily make the Internet less secure. Much of the security challenge rests with the registrars, registries and ICANN.
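The ASCII-only look-alikes in Microsoft's examples and IDN look-alikes can be screened with the same check, shown here as an added example that is not from Microsoft or the original post. The confusables table is a small constructed subset, and the function names `decode_label`, `skeleton` and `find_lookalikes` are hypothetical.

```python
import unicodedata

# Constructed, deliberately small confusables table (assumption: a production
# check would use the full Unicode confusables data, not this subset).
CONFUSABLES = {
    "0": "o",            # digit zero vs. letter o (MICR0S0FT.COM)
    "1": "l", "i": "l",  # digit one, and I/l once case is folded (MlCROSOFT.COM)
    "\u043e": "o",       # Cyrillic small o
    "\u0441": "c",       # Cyrillic small es
    "\u0456": "l",       # Cyrillic small Byelorussian-Ukrainian i
}

def decode_label(label):
    """Turn an IDN A-label (xn--...) back into Unicode; leave others as-is."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: compare the raw label
    return label

def skeleton(domain):
    """Reduce a domain to a form where look-alike characters compare equal."""
    labels = [decode_label(l) for l in domain.strip().rstrip(".").lower().split(".")]
    text = unicodedata.normalize("NFKC", ".".join(labels)).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def find_lookalikes(candidates, protected):
    """Return (candidate, protected_domain) pairs that differ as strings but
    share a skeleton, i.e. candidates that imitate a protected name."""
    known = {skeleton(p): p.lower() for p in protected}
    hits = []
    for cand in candidates:
        match = known.get(skeleton(cand))
        if match and cand.strip().rstrip(".").lower() != match:
            hits.append((cand, match))
    return hits

if __name__ == "__main__":
    # Constructed sample input: the two examples quoted above plus one IDN case.
    idn = "xn--" + "micr\u043esoft".encode("punycode").decode("ascii") + ".com"
    sample = ["MICROSOFT.COM", "MICR0S0FT.COM", "MlCROSOFT.COM", idn, "example.org"]
    for cand, target in find_lookalikes(sample, ["microsoft.com"]):
        print(f"{cand!r} imitates {target}")
```

Because the skeleton folds "i", "l" and "1" together, unrelated legitimate names can also collide, so hits are candidates for review, not verdicts.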

John Yunker

John is co-founder of Byte Level Research and author of Think Outside the Country as well as 19 editions of The Web Globalization Report Card.
