How to differentiate rogue URLs from the authentic ones
How can you identify if the domain is authentic or impostor? The answer may depend on your knowledge of Domain Spoofing and your familiarity with the IDNs International Domain Names. But there is one more point where you can take care to authenticity of DNS, your web browser.
Using punycode, registration of domains in foreign languages(non Latin alphabets like Cyrillic and Ukranian) is made possible. It converts strings of Unicode (UTF-8) to American Standard Code for Information Interchange (ASCII) format. For example, the domain “xn — domain.com” is equivalent to “㯙㯜㯙㯟.com”
Using this technique, apple.com can be represented as ‘xn — 80ak6aa92e.com’ and a fake domain can be created. This fake domain will will work as a phishing website, encouraging apple.com’s traffic to its fake domain. The UNICODE characters are difficult todistiguish from ASCII characters and hence a user can be misled to a domain phishing attack.
Another one such is the following. Go ahead and click the following website. Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name:
In the latest browser the above website may open as https://www.xn--80a7a.com/.
There are more than 136,000 Unicode characters to represent each letter of different languages. Today most of the major browsers warns the users by attepting to warn them by showing punycode lookalikes.
Best Practices to recognize fake domain Ids:
- Always keep the browser’s setting to display punycode names.
- Pay attention to the URLs, especially while entering your personal details.
- Use smart third party softwares which are capable to differentiate between authentic and rogue URLs.
- Keep your browser updated.
Logix Infosecurity being an expert in the security field since 18 years, is coming up with DMARC (Domain-based Message Authentication, Reporting & Conformance) for email authentication policies and reporting protocols. It will enhance the protection of your business domain from fraudulent fake domain emails and keep your servers more secure.