09 September 2021
Microsoft Windows key

Microsoft has recently won a court order to take down malicious homoglyph domains, but what is a homoglyph domain and why is it malicious?


What is a homoglyph domain?
A homoglyph domain is a domain that looks similar to a legitimate domain, but it definitely isn’t. The domains exploit the similarities between alpha-numeric characters to create this legitimate appearance. 

An example of this would be MICROSOFT.COM and MICR0S0FT.COM. At first glance, you might not notice that the O’s in Microsoft have been replaced with a zero. This is what cybercriminals are hoping will happen as you begin to use their homoglyph domain.

You may have heard of typosquatting and be thinking what’s the difference between the two? Although similar to homoglyph domains, typosquatting relies on users not noticing a small typo in the domain name. To continue using our Microsoft example, a malicious typosquatting domain could be MICROSFT.COM where the second O in Microsoft is missing.


How are homoglyph domains used maliciously?
Cybercriminals use homoglyph domains to gain information to most often carry out business email compromise (BEC), malware and ransomware distribution, and phishing attacks. They can use stolen credentials to craft a phishing attack with a homoglyph email domain. The example used by Microsoft had cybercriminals impersonating an Office 365 customer that was asking for payment by changing a single letter in the email domain.

Once the cybercriminals have the access and information they need, they will often move the user over to a third-party infrastructure so that they can continue with the victim without being detected.


What can be done about homoglyph domains?
Other than winning court orders, what else can be done to stop cybercriminals using homoglyph domains maliciously?

As users, we can make sure that we check the domains of emails and websites as soon as we suspect anything. A good indicator to look for is an SSL certificate when viewing a website in a browser. This is often represented as the lock symbol at the left of the browser bar.

Businesses need to stay vigilant by monitoring their online presence and can get started by following the 4 best practices identified by Afilias Australia and CSC. Having a .com.au domain for your business will also add an extra layer of security due to the comprehensive licensing rules to register a domain. These checks make it harder for cybercriminals to impersonate your business and your customers will be more familiar with your correct .com.au domain.