ITPro Microsoft Outlook shows real contact details in some phishing emails. Microsoft Outlook is susceptible to phishing attacks using internationalized domain names (IDNs), according to reports from two separate security researchers. The email client will display legitimate contact details alongside spoof emails sent from these domains. Phishing attacks sent from IDNs are also known as homograph attacks.
They use Unicode characters from non-Latin character sets, such as Cyrillic or Greek, that look like regular Latin characters. An attacker might register the domain tωitter.com, which uses an international alternative to a regular ‘w’. Browsers have long recognized and flagged IDNs, displaying them in their original Unicode format (known as Punycode). This makes them easier to spot. The tωitter.com IDN would show up as xn–titter-i2e.com, for example. However, researcher dobby1kenobi revealed that Microsoft Outlook does not highlight them. Moreover, if a spoofed email using an IDN resembles a legitimate email address in the recipient’s Outlook contact book — for example, [email protected]ωitter.com instead of [email protected] — the software will display the legitimate person’s contact details next to the phishing email.