Homograph Attacks Fool Microsoft’s Email Software

BACKGROUND:

As reported by ITPro, Microsoft Outlook shows real contact details in some phishing emails. Microsoft Outlook is susceptible to phishing attacks using internationalized domain names (IDNs), according to reports from two separate security researchers. The email client displays legitimate contact details alongside spoofed emails sent from such domains. Phishing attacks sent from look-alike IDNs are also known as homograph attacks.

They use Unicode characters from non-Latin scripts, such as Cyrillic or Greek, that look like ordinary Latin letters. An attacker might register the domain tωitter.com, which substitutes the Greek small letter omega (ω) for a regular 'w'. Browsers have long recognized such IDNs and, when a label mixes scripts or otherwise looks suspicious, display it in its ASCII-compatible encoded form, Punycode (the xn-- form), rather than rendering the Unicode characters; this makes the spoof easier to spot. The tωitter.com IDN would show up as xn--titter-i2e.com, for example. However, researcher dobby1kenobi revealed that Microsoft Outlook neither converts nor highlights them. Moreover, if a spoofed address using an IDN resembles a legitimate address in the recipient's Outlook contact book, for example a sender at tωitter.com impersonating a known contact at twitter.com, the software will display the legitimate person's contact details next to the phishing email.
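The checks above (Punycode conversion, mixed-script detection, and the contact-book collision that Outlook fails to catch) can be reproduced in a few lines. The following is an added example written for this page, not code from the original article or from Microsoft; the contact list and the confusables table are constructed assumptions, the latter a small hand-picked subset of the Unicode TR39 confusables data rather than the full table.

```python
import unicodedata

# Constructed subset of Unicode TR39 confusables: look-alikes mapped to the
# Latin letter they mimic. A real deployment should load the full confusables.txt.
CONFUSABLES = {
    "\u03c9": "w",  # GREEK SMALL LETTER OMEGA (the tωitter.com case)
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
}

# Constructed address book (hypothetical people); stands in for the recipient's
# Outlook contact list that the article describes.
CONTACTS = {
    "alice@twitter.com": "Alice Example, Twitter Support",
    "bob@example.com": "Bob Example, Finance",
}


def to_punycode(domain):
    """ASCII-compatible (xn--) form of a domain, label by label, as a browser shows it."""
    labels = []
    for label in domain.lower().split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)


def scripts(label):
    """Script names of the letters in a label, taken from their Unicode character names."""
    found = set()
    for ch in label:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])  # e.g. LATIN, GREEK
    return found


def skeleton(text):
    """Fold look-alike characters to Latin so spoof and target compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", text))


def analyze_sender(address, contacts=CONTACTS):
    """Classify a From: address the way a client should before showing a contact card."""
    _local, _, domain = address.rpartition("@")
    ascii_domain = to_punycode(domain)
    mixed = any(len(scripts(lbl)) > 1 for lbl in domain.split("."))
    folded = skeleton(address).lower()
    # A contact card may only be attached if the raw address matches exactly;
    # a match after confusable folding is the homograph case Outlook mishandles.
    spoof_of = contacts.get(folded) if folded != address.lower() else None
    return {
        "address": address,
        "ascii_domain": ascii_domain,
        "is_idn": ascii_domain != domain.lower(),
        "mixed_script": mixed,
        "spoofs_contact": spoof_of,
    }


if __name__ == "__main__":
    for addr in ("alice@twitter.com", "alice@t\u03c9itter.com"):
        print(analyze_sender(addr))
```

Running it shows the spoofed address converting to xn--titter-i2e.com, flagged as mixed-script, and folding onto the real contact, which is exactly the card a client must not display; the genuine address passes all three checks. Any one of the three signals is enough to suppress the contact card and show the raw Punycode instead.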

Jake Moore, Cybersecurity Specialist, InfoSec Expert
September 8, 2021 10:13 am

Email remains a real threat and attack vector to organisations so employees must be trained to quickly check the authenticity. The misuse of Unicode can make people slip up easily in the daily furor and notion of their normal routine in amongst genuine emails so people need to stay alert to such techniques. Because a spoofed email address would cause the real employee's contact details to appear, many employees might be fooled into thinking the email was legitimate. However, emails can be signed via digital signatures which helps in the quick validation required plus people should err on the side of caution whenever financial or sensitive data is being requested.

Information Security Buzz