Committed to making online interactions safer for all users, Farsight Security regularly investigates systemic threats to the Internet. The design and implementation of the DNS Internationalized Domain Name (IDN) system poses such a threat – one well known by DNS industry insiders and security professionals but not known or well understood by the wider public. The purpose of this research is to bridge that knowledge gap – to offer a keyhole glimpse into the shadowy world of brand lookalike abuse via IDN homographs.

Registration of confusing Internet DNS names for the purpose of misleading consumers is not news. Every user of the Internet learns – often the hard way – that much of the email they receive is forged, and many of the World Wide Web links they are prompted to click on are malicious. Yet IDN, a DNS standard representing non-English domain names, allows forgeries to be nearly undetectable by either human eyes or human judgement, or by traditional Internet user interface tools such as email clients and web browsers.

Using its real-time DNS network, Farsight Security conducted new research to determine the prevalence and reach of homographs, in the form of IDN lookalike domains, across the Internet. Specifically, Farsight examined 125 top brand domain names, including large content providers, social networking giants, financial websites, luxury brands, cryptocurrency exchanges and other popular websites. Our findings underscore that the potential security risk posed by IDN homographs is significant. Any ultimate defence against this variant of Internet forgery will rely on Internet governance and security automation.

Read more by clicking the button below.