ITPro Microsoft Outlook shows real contact details in some phishing emails. Microsoft Outlook is susceptible to phishing attacks using internationalized domain names (IDNs), according to reports from two separate security researchers. The email client will display legitimate contact details alongside spoof emails sent from these domains. Phishing attacks sent from IDNs are also known as homograph attacks.
They use Unicode characters from non-Latin character sets, such as Cyrillic or Greek, that look like regular Latin characters. An attacker might register the domain tωitter.com, which uses an international alternative to a regular ‘w’. Browsers have long recognized and flagged IDNs, displaying them in their original Unicode format (known as Punycode). This makes them easier to spot. The tωitter.com IDN would show up as xn–titter-i2e.com, for example. However, researcher dobby1kenobi revealed that Microsoft Outlook does not highlight them. Moreover, if a spoofed email using an IDN resembles a legitimate email address in the recipient’s Outlook contact book — for example, [email protected]ωitter.com instead of [email protected] — the software will display the legitimate person’s contact details next to the phishing email.
<p>Email remains a real threat and attack vector to organisations so employees must be trained to quickly check the authenticity. The misuse of Unicode can make people slip up easily in the daily furor and notion of their normal routine in amongst genuine emails so people need to stay alert to such techniques. Because a spoofed email address would cause the real employee\’s contact details to appear, many employees might be fooled into thinking the email was legitimate. However, emails can be signed via digital signatures which helps in the quick validation required plus people should err on the side of caution whenever financial or sensitive data is being requested.</p>