Wednesday, May 19, 2010

Phishing and scamming in the new Top Level Domains

Earlier this month ICANN introduced non-Latin domain names on the Internet, a historic event. Half the global internet population does not have a Latin language as their mother tongue, and sites can now have Arabic names, for example, and eventually Chinese, Thai and Tamil.

The blog of security company Sûnnet Beskerming has a post that points out some security risks associated with the new non-Latin names:
A risk, which isn't immediately obvious, is that this opens up a new world of opportunity for scammers and phishers to register domains that will visually appear very similar to legitimate sites in the address bar, but which will have a base address significantly different, thanks to being registered in a non-Latin script. By relying on alternate character rendering, this could cause problems for users who may not be able to determine the slight differences between otherwise similar looking characters. It also means that software and tools designed to help detect phishing or XSS attacks will have to expand their repertoire significantly to interpret and assess a much broader range of character and rendering sets.
The opportunities for typosquatting will probably multiply, and The Register recently reported that this market is now worth almost half a billion dollars annually. You can read more about this market in "Measuring Typosquatting Perpetrators and Funders" by Tyler Moore from Cambridge University.
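
The point above about detection tools having to interpret a broader range of character sets can be made concrete. The following is an added example, not code from this post or from Sûnnet Beskerming: it flags labels that mix scripts and names that render like an entry on a watchlist, while leaving ordinary non-Latin names alone. The watchlist names, the sample inputs, the small look-alike table and the script heuristic are all assumptions made for the illustration.

```python
import unicodedata

# Constructed subset of look-alike letters mapped to Latin; the full list is
# the Unicode confusables data (UTS #39), which this sketch does not load.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u03bf": "o",  # last entry is Greek omicron
}

def to_unicode(label):
    """Decode an ACE ("xn--") label to Unicode; other labels pass through."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Scripts used by the letters of a label (heuristic: first word of the
    Unicode character name, e.g. LATIN, CYRILLIC, ARABIC)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(label):
    """Fold known look-alikes to Latin so visually equal labels compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())

def assess(domain, watchlist):
    """Return (mixed_script, lookalike_of) for a domain name.

    mixed_script: some label mixes letters from more than one script.
    lookalike_of: watchlist entry the name renders like, or None.
    """
    labels = [to_unicode(l) for l in domain.split(".")]
    shown = ".".join(labels).lower()
    mixed = any(len(scripts(l)) > 1 for l in labels)
    folded = ".".join(skeleton(l) for l in labels)
    lookalike = folded if folded in watchlist and folded != shown else None
    return mixed, lookalike

WATCHLIST = {"example.com", "scope.example"}      # constructed names
SAMPLES = [                                       # constructed inputs
    "example.com",                                # plain Latin
    "ex\u0430mple.com",                           # Cyrillic "a" among Latin
    "\u0455\u0441\u043e\u0440\u0435.example",     # whole label in Cyrillic
    "\u0645\u062b\u0627\u0644.example",           # ordinary Arabic label
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(ascii(name), assess(name, WATCHLIST))
```

The third sample shows why a mixed-script check alone is not enough: a label written entirely in one non-Latin script passes it, and only the comparison against the watchlist catches the resemblance.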
