02. January 2010 · Comments Off on New non-ASCII domain names increase risk of phishing attacks · Categories: Phishing · Tags: ,

An article in the London-based Times Online last week pointed out the security risks, particularly phishing, of the recent ICANN expansion of domain names to non-Roman characters. Here is the key quote from the article:

The problem for Western users is that the internet addresses of many
well-known companies, such as Apple, Yahoo, Google and PayPal, can also be
rendered to look identical in Cyrillic scripts, such as Russian.

To a Roman-reading eye, an e-mail containing a link to any one of these sites
might appear genuine, while to a Russian-reading eye, “paypal”, for example,
reads as “raural”. An e-mail link could thus lead to a clone site
constructed by unscrupulous thieves, who could then use it to harvest
personal and financial details, or to steal cash.

There are two key reasons for ICANN's expansion decision (from the TechNewsWorld article):

  • Not introducing international domains would mean that alternate root
    servers will be set up around the world because the demand is so high,"
    Tina Dam, senior director for IDNs (international domain names) at
    ICANN, told TechNewsWorld.
  • It is definitely timely to make the IDN TLDs (top level domains)
    available, and we have also seen a demand from Asia and other parts of
    the world for quite some time," ICANN's Dam said. "The fact that you
    have to use a Latin character Web address on a site where the entire
    content is in Russian is not fair for Russian Internet users and does
    not make sense," she added.

There are some good comments on the Times Online article regarding how this type of phishing attack could be blocked. I'm sure most of the email, browser, and URL filter vendors will be responding soon.