October is National Cyber Security Month. Our webhosting partners Singlehop asked me to write an article to raise awareness for this cause and improve public knowledge about online and computer security. In this guide, we’ll take a closer look at an attack called the “Homograph Attack”.
First, let us take a look at what kind of methods blackhat hackers use to gain access to your system and then how you can protect your machine.
Difference between Whitehat and Blackhat Hackers
“Hackers” is probably a bad word choice to begin with, because everyone who tweaks computers to do what they want is essentially a hacker. The problem is that the word has very bad connotations among the general public, and hackers are usually associated with online crimes such as identity theft and phishing. It is important to differentiate between blackhat hackers and whitehat hackers. The whitehats are usually involved in enhancing and improving online safety and creating useful applications such as search engines or cryptocurrencies like Bitcoin. The blackhats are the real bad eggs trying to get your money and identity.
Avoid Scams and Phishing: Turn On Email Headers
Tip: Always turn on email headers to verify where an email is coming from.
Phishing attacks are widespread. Most consumers are aware of the fact that opening a random email attachment can have dramatic consequences. Even my sixty-year-old father knows that. But phishing attacks can be much more sophisticated. Hackers will often go to great lengths to make their emails look similar to legitimate ones and use very sneaky methods to achieve that. For example, a good hacker is perfectly capable of creating an email that looks like it is coming from Paypal, and can even spoof the email headers and use IDN domains to make the domain look almost identical.
Tutorial: “Turning on email headers”
How IDN Domains Can Be Used For Sophisticated Scams (IDN homograph attack)
IDN domains, short for internationalized domain names, can include Arabic, Chinese, and Cyrillic characters. Some of those characters look almost identical to letters of the Latin alphabet. That’s how hackers can make a domain look almost identical to that of Paypal or other eCommerce sites.
Take a look at this picture:
It spells wikipedia.org, right? Wrong: the e and a are Cyrillic letters that look identical to the Latin e and a.
This is called a homograph attack and is used widely to get access to machines and steal sensitive data. Many email clients will have trouble displaying actual Punycode in emails and will not be able to protect you.
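To see what the lookalike domain really contains, the following Python sketch (an added example, not part of the original article) converts a domain to its Punycode form, lists every non-ASCII character by its Unicode name, and flags labels that mix scripts. The function names and the sample domains are constructed for this illustration.

```python
import unicodedata

def label_scripts(label):
    """Scripts used by the letters of one label (first word of the Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def inspect_domain(domain):
    """Return the Punycode form, the non-ASCII characters and any mixed-script labels."""
    non_ascii = [(ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
                 for ch in domain if ord(ch) > 127]
    mixed = []
    for label in domain.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:  # e.g. Latin and Cyrillic letters in the same label
            mixed.append((label, sorted(scripts)))
    return {
        # Python's built-in "idna" codec produces the xn-- form that DNS actually uses
        "punycode": domain.encode("idna").decode("ascii"),
        "non_ascii": non_ascii,
        "mixed_labels": mixed,
        "suspicious": bool(mixed),
    }

# Constructed samples: the first uses Cyrillic U+0435 and U+0430 in place of
# the Latin "e" and "a", as in the wikipedia.org picture described above.
SPOOFED = "wikip\u0435di\u0430.org"
GENUINE = "wikipedia.org"

if __name__ == "__main__":
    for name in (SPOOFED, GENUINE):
        result = inspect_domain(name)
        print(name, "->", result["punycode"], "| suspicious:", result["suspicious"])
        for ch, codepoint, uname in result["non_ascii"]:
            print("   ", codepoint, uname)
```

A label written entirely in one non-Latin script will not trip the mixed-script check, so the Punycode form (anything starting with xn--) is the part to read when a familiar-looking name comes from an untrusted email.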
Verify URL in your browser address bar again:
In order to better protect yourself from this and similar attacks, make sure to verify the URL in the address bar after clicking on a link. Modern browsers such as Google Chrome won’t display IDN domains unless the domain is in a language set as the default language in your browser.
It is a good idea to also verify the identity of a website by clicking on the green SSL icon.
Most major companies have a seal that says “Identity verified”. Small shops may not have this seal, but corporations like Paypal or Bank of America will have it. Sophisticated hackers going after high-profile targets will also obviously have no trouble paying for an SSL certificate, making it even more difficult for you, but blackhats running a non-targeted phishing attack won’t bother with this.
Also check for clues on the actual website itself:
Does it somehow look different? Is there something just off? Ask yourself those questions if you don’t trust a source.
In general, it is a good idea to never click on any links within emails. Banks will never contact you and even Paypal won’t ask you to log into your account to update personal information.