SMiShing Attacks Leverage Punycode Technique

Security researchers warn that homograph attacks, also known as the punycode technique, are increasingly used in SMiShing to deceive users, steal information, or infect smartphones and other devices with malware. The attacks work because current web browsers fail to tell a spoofed site from the legitimate one when the domain's characters belong to allowable combinations and the top-level domain (TLD) is whitelisted.

Cybercriminals use punycode to mislead users into clicking the URL included in a message as if it were a legitimate link. SMiShing campaigns with embedded links are becoming popular as consumers are less likely to notice the subtle differences. Web browsers decide whether to display the punycode or the internationalized domain name (IDN) based on the combination of alphabets, such as Latin, Cyrillic or Unicode, and on the character separators “.” or “/”, which can be used to spoof the real URL domain label. If the characters are included in the list of allowable combinations, browsers may display the URL with certifications and IDNs while redirecting users to other pages for malware infection.


Cybercriminals are constantly searching for workarounds to current security measures, and users have to be aware of the URLs in the IMs and SMS messages they open. Programmers have yet to find a foolproof fix for the malicious use of punycode, but here are a few recommendations to avoid these threats:

  • Check for obvious character switches in the domain names of businesses when a message prompts you to open a site, even if it comes from a trusted contact.
  • Type the domain name directly into the browser instead of clicking on the URL in the SMS.
  • Verify that the stated service provider or company actually sent out messages such as promos or invites.
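
As an added example (not part of the original article and not Trend Micro code), the Python sketch below automates the first check in the list for links found in an SMS: it decodes `xn--` labels and flags hosts that contain non-ASCII or mixed-script labels. Deriving a character's script from its Unicode name is an approximation, and the function names and the sample message are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def decode_label(label):
    """Decode one 'xn--' (punycode) label to Unicode; return other labels unchanged."""
    if not label.lower().startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return label  # malformed punycode: keep the raw form

def scripts_in(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def inspect_sms(text):
    """Return one finding per URL whose host has a non-ASCII or mixed-script label."""
    findings = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url.rstrip(".,;)")).hostname or ""
        except ValueError:
            continue  # not parseable as a URL
        labels = [decode_label(part) for part in host.split(".") if part]
        flags = set()
        for label in labels:
            if not label.isascii():
                flags.add("non-ascii-label")   # IDN label: show decoded form to the user
            if len(scripts_in(label)) > 1:
                flags.add("mixed-script")      # e.g. Latin and Cyrillic in one label
        if flags:
            findings.append({"host": host, "unicode": ".".join(labels), "flags": sorted(flags)})
    return findings

# Constructed sample: "example" with its first letter replaced by Cyrillic U+0435.
LOOKALIKE = "xn--" + "\u0435xample".encode("punycode").decode("ascii") + ".com"
SAMPLE_SMS = f"Your parcel is held. Confirm at http://{LOOKALIKE}/track or see https://example.com/help"

if __name__ == "__main__":
    for finding in inspect_sms(SAMPLE_SMS):
        print(finding)
```

A label written entirely in one non-Latin script is reported only as `non-ascii-label`, since legitimate IDNs look the same; treat that flag as a prompt to compare the decoded host against the expected domain.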

End users and enterprises can benefit from multilayered mobile security solutions such as Trend Micro™ Mobile Security™. Trend Micro™ Mobile Security for Enterprise provides device, compliance and application management, data protection, and configuration provisioning, as well as detecting and blocking malware and fraudulent websites. Web reputation technology featured in Trend Micro Mobile Security solutions protects users from threats that may be delivered using IDNs and phishing URLs delivered via IMs and SMS.

