
Spoofing of URL: next level of threat

CIOL Bureau

BANGALORE, INDIA: After phishing, spoofing is the next technique spammers are adopting to deliver spam messages to PCs. The method misuses brand names, making it difficult for content-filtering software to identify the spam.

According to Symantec, one recent spam attack was driven by a technique called homograph spoofing, in which the spoofed domain name partially or completely resembled a reputable brand's domain name.

Ratnamala Dam Manna, director, Security Technology and Response, Symantec India, explained that URL spoofing, in the context of network security, is the masking of a domain name or subdomain. He added, “Spoofing can happen at various levels. The URL closely resembles the original/legitimate URL. Even in email header spoofing, the message pretends to have originated from a legitimate source.”

Manna added, “The domain names which are visible in the URLs look exactly similar to the legitimate domains. E.g., google.com (Latin characters) and gοοgle.com (Greek characters) look exactly the same. When these domains are opened in a browser using copy and paste, the first domain will direct to google.com and the second domain will direct to http://www.xn--ggle-0nda.com/.”

There are three ways of carrying it out: IDN, Punycode, and homograph spoofing. An internationalized domain name (IDN) is a domain name that contains one or more non-ASCII characters. These domain names may be written in non-Latin scripts such as Arabic, Chinese, or Devanagari, a difference that an ordinary user can easily overlook.

A domain name like ?xample.com” uses “?”, which is a Cyrillic character. A user might overlook the difference in character and enter the domain page, inviting unwanted problem.

Another process is through Punycode. It is a syntax designed for encoding IDNs in applications. Using a Punycode, non-ASCII characters are converted into the ASCII character set. Punycode converted names are prefixed with “xn--”. Like, a Punycode for ?xample.com is http://www.xn—xample-ouf.com/.

Lastly, the third is homograph spoofing. This is the spoofing of characters by exploiting the fact that, in multilingual computer systems, many different characters may have nearly (or wholly) indistinguishable glyphs. This is where users fall victim to spoofing.
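The check below is an added example, not code from Symantec or the original article: it converts a hostname between its displayed Unicode form and its “xn--” Punycode form, and flags labels that mix scripts, using the xn--ggle-0nda and xn--xample-ouf names quoted above as input. The function names are hypothetical, and taking the first word of a character's Unicode name as its script is a simplifying assumption.

```python
import unicodedata

def to_unicode(host: str) -> str:
    """Decode every 'xn--' label back to the Unicode form a user would see."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def to_ascii(host: str) -> str:
    """Encode every non-ASCII label as 'xn--' + Punycode (no IDNA mapping step)."""
    labels = []
    for label in host.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def label_scripts(label: str) -> set:
    """Heuristic (assumption): first word of a letter's Unicode name is its script."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def analyze(host: str) -> dict:
    """Report both forms of a hostname and flag labels that mix scripts."""
    shown = to_unicode(host)
    per_label = [label_scripts(part) for part in shown.split(".")]
    return {
        "unicode": shown,
        "ascii": to_ascii(shown),
        "is_idn": not shown.isascii(),
        "scripts": sorted(set().union(*per_label)),
        "mixed_script": any(len(s) > 1 for s in per_label),
    }

# Constructed sample inputs; \u03bf is GREEK SMALL LETTER OMICRON.
SAMPLES = ["google.com", "g\u03bf\u03bfgle.com", "xn--ggle-0nda.com", "xn--xample-ouf.com"]

if __name__ == "__main__":
    for host in SAMPLES:
        r = analyze(host)
        print(f"{r['ascii']:20} idn={r['is_idn']} scripts={r['scripts']} mixed={r['mixed_script']}")
```

A label written entirely in one non-Latin script is not flagged as mixed, so a mail or web filter would also act on `is_idn`, for instance by always displaying the `ascii` form for domains outside an allow-list.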

Users need to do a little research to identify the right website and protect themselves from web threats.
