Homograph Attacks Fool Microsoft’s Email Software

BACKGROUND:

ITPro: Microsoft Outlook shows real contact details in some phishing emails. Microsoft Outlook is susceptible to phishing attacks using internationalized domain names (IDNs), according to reports from two separate security researchers. The email client will display legitimate contact details alongside spoof emails sent from these domains. Phishing attacks sent from look-alike IDNs are also known as homograph attacks.

They use Unicode characters from non-Latin scripts, such as Cyrillic or Greek, that look like regular Latin characters. An attacker might register the domain tωitter.com, which uses a Greek small omega in place of a regular ‘w’. Browsers have long recognized and flagged suspicious IDNs (mixed-script labels, for example) by displaying them in their ASCII-compatible Punycode form, the xn-- encoding, rather than as the look-alike Unicode glyphs. This makes them easier to spot: the tωitter.com IDN would show up as xn--titter-i2e.com. However, researcher dobby1kenobi revealed that Microsoft Outlook does not highlight them. Moreover, if a spoofed email using an IDN resembles a legitimate email address in the recipient’s Outlook contact book (for example, real.person@tωitter.com instead of real.person@twitter.com), the software will display the legitimate person’s contact details next to the phishing email.
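The check a mail client should be doing here, as an added example that is not code from the article, from Outlook, or from the researchers: canonicalise the sender's domain to its Punycode (xn--) form with Python's built-in idna codec, flag IDNs and mixed-script labels, and match against the contact book only on that canonical ASCII form so a homograph can never pick up a real contact's details. The contact book is a constructed sample, and the script detection (first word of each letter's Unicode name) is a heuristic assumed for this example rather than the Unicode Script property.

```python
"""Canonicalise sender addresses to Punycode and flag IDN homographs.

Added example, not from the original article; CONTACTS is a constructed sample.
"""
from __future__ import annotations

import unicodedata

# Constructed sample contact book, keyed by the canonical (ASCII, lower-case) address.
CONTACTS = {
    "real.person@twitter.com": "Real Person (Twitter)",
    "alice@example.com": "Alice Example",
}


def domain_to_ascii(domain: str) -> str:
    """IDNA ToASCII: tωitter.com -> xn--titter-i2e.com; ASCII domains pass through.

    Python's idna codec leaves all-ASCII labels untouched, so lower-case explicitly."""
    return domain.encode("idna").decode("ascii").lower()


def split_address(address: str) -> tuple[str, str]:
    """Split on the last '@' so a quoted local part containing '@' is not mis-split."""
    local, _, domain = address.rpartition("@")
    return local, domain


def letter_scripts(text: str) -> set[str]:
    """Heuristic script detection (an assumption of this example, not the Unicode
    Script property): the first word of each letter's Unicode name, so
    'ω' -> 'GREEK', 'а' (U+0430) -> 'CYRILLIC', 'a' -> 'LATIN'."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def analyze_sender(address: str) -> dict:
    """Describe a sender address the way a cautious mail client should treat it."""
    local, domain = split_address(address)
    ascii_domain = domain_to_ascii(domain)
    is_idn = any(label.startswith("xn--") for label in ascii_domain.split("."))
    scripts = letter_scripts(domain)
    return {
        "display": address,  # the look-alike form the user would see in From:
        "canonical": f"{local.lower()}@{ascii_domain}",  # what the client must match on
        "is_idn": is_idn,
        "scripts": scripts,
        "mixed_script": len(scripts) > 1,  # Latin plus Greek/Cyrillic in one domain
    }


def lookup_contact(address: str, contacts: dict[str, str] = CONTACTS) -> str | None:
    """Resolve a sender to a contact only on the canonical ASCII form.

    real.person@tωitter.com canonicalises to real.person@xn--titter-i2e.com, a
    different key from real.person@twitter.com, so the homograph gets no match."""
    return contacts.get(analyze_sender(address)["canonical"])


def render_sender(address: str) -> str:
    """Browser-style rendering: show Punycode, never the look-alike glyphs, plus a warning."""
    info = analyze_sender(address)
    if not info["is_idn"]:
        return info["canonical"]
    warning = "mixed-script IDN" if info["mixed_script"] else "IDN"
    return f'{info["canonical"]} [{warning}: {", ".join(sorted(info["scripts"]))}]'


if __name__ == "__main__":
    for sender in ("real.person@twitter.com", "real.person@tωitter.com", "alice@example.com"):
        print(render_sender(sender), "->", lookup_contact(sender))
```

Running the block prints the spoofed sender as `real.person@xn--titter-i2e.com [mixed-script IDN: GREEK, LATIN]` with no contact match, while the genuine address resolves to the sample contact. Real browser IDN policies are more nuanced than the mixed-script test here (they also consider whole-script confusables and per-language allow lists), so treat the heuristic as a starting point, not a complete policy.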

Expert Comments

September 08, 2021
Jake Moore
Cybersecurity Specialist
ESET


Email remains a real threat and attack vector to organisations, so employees must be trained to quickly check authenticity. The misuse of Unicode can make people slip up easily in the daily furore and notion of their normal routine amongst genuine emails, so people need to stay alert to such techniques. Because a spoofed email address would cause the real employee's contact details to appear, many employees might be fooled into thinking the email was legitimate. However, emails can be signed via digital signatures, which helps with the quick validation required, and people should err on the side of caution whenever financial or sensitive data is being requested.

