phishing

A Case of Identity: Detection of Suspicious IDN Homograph Domains Using Active DNS Measurements

Olivier van der Toorn

The possibility to include Unicode characters in domain names allows users to
deal with domains in their regional languages. This is done by introducing
Internationalized Domain Names (IDN). However, the visual similarity between
different Unicode characters - called homoglyphs - is a potential security
threat, as visually similar domain names are often used in phishing attacks.
Timely detection of suspicious homograph domain names is an important step
towards preventing sophisticated attacks,…

Unicode Homoglyphs

Olivier van der Toorn & Ramin Yazdani

For the last couple of months Ramin Yazdani has been looking into phishing
domains using Unicode characters to appear like the target domain. In this
process he developed a new ‘confusables’ table of Unicode characters which can
easily be mistaken for their ASCII counterpart. The table is based on the
‘Unicode Confusables list’ and the ‘Unicode Similarity List’.