Domain Marketing Services | Domains For Sale | Buying and Selling Domain Names | Web Hosting | Domain Name Marketing | Domain Name Business


Scams

Internationalized Domain Names and Homograph Attacks

by Blondiewrites on April 8, 2010

Internationalized Domain Names and Homograph Attacks

With normal spoofing a scammer tries to get personal information by sending fraudulent emails masquerading as an official website an individual might be working with. While some fall for the deception, many know better since the domain name in the email doesn’t resemble the domain name they usually use to access whatever site. However, what happens if a domain name looks exactly like an official website?

This, in combination with a more ‘professional’ email, could trick someone into giving away all of their personal data. And when this happens they will eventually become victims of identity theft. But, how can a scammer acquire a domain name that looks official? It’s through the unfortunate practice of the homograph attack.

What is a homograph attack? A homograph attack is when a person makes an internationalized domain name, (also known as an IDN), look like a traditional domain name associated with a popular website. They are able to do this because of the way internationalized domain names work. Basically, internationalized domain systems use a different type of coding system than the ASCII-based domain names Americans are used to.

However, even with a different coding system, some languages have characters that look similar to characters used in American English. Scammers exploit this by taking these letters and creating domain names that look ‘new’ to browsers and servers, at least in terms of coding. To the human eye, these fraudulent domain names appear to already be taken, which is exactly what a scammer wants. They cause further confusion by creating sites that look pretty much like the sites associated with the original domain name that the scammers are spoofing.

Before and even after internationalized domain names became popular, homograph attacks were expressed through spoofing just English characters. Scammers exploited the visual similarities between ‘O’ and ’0′ or ‘I’ and ‘l’. Examples include ‘G00Gle.com or ‘PayPaI.com.’ If a person is not paying attention, they could still become victims, but at least these types of domain names still look unusual. With internationalized domain name homograph attacks, the above-mentioned websites could look just as they are supposed to, fooling even the most vigilant Internet user.

So, how can a person prevent becoming a victim of an internationalized domain name homograph attack? First, they should never click on any domain name that is given through an email. Instead, they should enter the domain name manually into their browser. In situations where one is working with a third-level domain that could be harder to remember, Internet users need to copy and paste the domain name into Notepad. This program will help them determine what character set and coding is being used for the domain name. If it’s not English and ASCII, a person should be weary.

In conclusion, internationalized domain name homograph attacks can cause a lot of havoc for Internet users. However, Internet users should find comfort in the fact that while they do need to be aware of the presence of the homograph attack, the traditional method of spoofing which is much easier to spot tends to be more common. This is because a person must be both clever and lucky to land an internationalized domain name that looks that much like a domain name that is already in use. It’s much easier for scammers to try and fool people through email hyperlinks.

Post to Twitter Post to Yahoo Buzz Post to Delicious Post to Facebook Post to Reddit Post to StumbleUpon



{ 0 comments }

Beware of a Domain Name Buying Scam

by BlondieWrites on December 10, 2008

A few minutes ago, I received an interesting email from one Dan at DomainGuardSystem.com concerning a domain name I previously owned, a dot org. In this email, Dan is attempting to get me to pay him $99 for a domain name that he does not own. In fact, it is available on GoDaddy.com for a mere $7.69 a year, when used with the discount code zine3.

This type of scam is being played for one purpose: to take the hard earned money of unsuspecting people. Paying a price for a domain name that someone owns and that you wish to buy is one thing. Paying a huge sum of money for a domain name that is not owned is nothing short of a scam.

At the present time, it appears that Dan is targeting only fot org domain name owners. I did a search and found another person who received the same type of email, nearly word for word, at http://boston.conman.org/.

Here is the copy of the email, with the domain name left out.

From: dan@domainguardsystem.com
To: teddybearteam@aol.com
Subject: xxxxxxx.com for the owner of xxxxxxx.org
Date: 12/10/2008 10:16:40 P.M. Central Standard Time

Hi,

The domain xxxxxxx.com has recently become available for us so we are offering it to you, because you are the owner of its .org version.

Domain Guard System is intended to assist our clients with their promotion on the Internet. We use many methods to increase the effectiveness of a client’s presence on the Web. Securing .com domains for anyone using another extension for their site is one of them.

There are several reasons why owning a .com is of great importance for any domain holder:
- It’s in the essense of Internet: .com is most popular and widely used, and the typical user usually supposes that he/she will find you at xxxxxxx.com. A lot of companies and organizations who use other extensions as primary (.net for Web services or private sites, .org for non-profit organizations etc.) are securing .coms not to lose the visitors who are seeking them there. With .com, you will be free to use both your .org and .com so you will only gain visitors.
- By owning the .com, you will be sure to stay #1 in your own name space.

If you are interested in this domain, please act quickly, as we soon intend to bring it to the auction where the acquisition cost will be higher than now.

Please use the link below to discover the current cost of the domain, read more about the advantages of owning a .com and get information on the details of the purchase and domain transfer procedure:

Secure xxxxxxx.com now!

Best regards,
Dan Johnson
Domain Guard System
mailto: dan@domainguardsystem.com

Given the fact that this person seems only interested in making money off of unsuspecting domain name owners, it’s a good idea to ignore emails from him and if you want the domain name, simply go to GoDaddy or your preferred domain name registrar and buy the domain name there. This guy is pocketing about $90 per sale if you buy from him. He doesn’t own what he is trying to sell, he has a price set that is nonsense, and this screams SCAM.




Post to Twitter Post to Yahoo Buzz Post to Delicious Post to Facebook Post to Reddit Post to StumbleUpon



{ 0 comments }