To print this article, all you need is to be registered or login on Mondaq.com.
Phishing comes in many shapes and forms and is a menace which is
as old as modern internet itself. This particular piece will cover
a more advanced and often dangerously overlooked type of phishing
or web-attacks. Phishing involving minor typographical errors is
not a new threat to the public. While the awareness levels of the
general public and internet users has increased by leaps and bounds
over the years, many can easily still fall prey to devious
phishers. It is after all, a common cognitive error wherein readers
comprehend the entirety of the text based on a few familiar
letters, despite spelling errors and other misplaced letters
therein – for example, it is very easy to confuse
‘AstraZeneca‘ and
‘AztraZeneca‘ or
‘PFIZER‘ with
‘PIFZER‘. For more information regarding
such phishing and typo-scams, please see our earlier article at
https://ssrana.in/articles/typoscam-typosquatting-phishing-covid19/.
With the increase in sophistication in phishing coupled with the
ever increasing quantum of general awareness of internet users,
phishers are also employing more sophisticated tactics to
perpetuate their scams – for example, once can appreciate how
difficult it may be for a person to distinguish between
Citibank.com and
Citibɑnk.com.
WHAT IS A HOMOGRAPH OR A HOMOGLYPH?
The online Merriam-Webster dictionary defines a
‘homograph’ as one of two or more words spelled alike
but different in meaning or derivation or
pronunciation1. Whereas Oxford defines a
‘homograph’ as words that are spelt the same but have
different meanings, such as content (what is inside) and content
(satisfied) or wind (air) and wind (twist)2.
Whereas many other online dictionaries such as Wordnik,
YourDictionary, etc., define a ‘homoglyph’ as a character
or a glyph which is so identical with another character/glyph, that
the difference is not visible upon a quick perusal3.
A non-exhaustive list of such character/glyphs is given below
for reference:
| Character/ glyphs which closely
resemble English/Latin characters |
||
| ɑ – similar to
“a” |
– similar to “u” | – similar to p
|
| – similar to “k” | – similar to “b” | 0 – similar to “o” or
“O” |
| – similar to “n” or II | – similar to “H” | г – similar to “r” |
HOMOGRAPH/ HOMOGLYPH SPOOFING
Thus, the concept of ‘homograph/homoglyph spoofing’ or
‘homograph/homoglyph phishing’ or ‘homograph/homoglyph
attack’ in essence, inter alia involves the use of domain
names/websites/emails, etc, which closely resemble the original
domain/website, and is only differentiated by the use of similar
looking characters like the Cyrillic alphabet
“ɑ” as compared to its English
variant “a“. Thus, a homograph or
homoglyph attack can be associated with a hypothetical
domain/website such as Citibɑnk.com or
CitiБank.com, which users can mistakenly
believe to read as Citibank.com.
Certain hypothetical examples are shown below:
| Real Website/Domain | Fake Website/ Domain | Observations |
| Gtbank.com
Covaxin.com
IndiaVaccines.com
|
Gtbɑnk.com
Covɑxin.com
IndiaVɑccines.com
|
The alphabet “a” used in the fake
domain/website is “ɑ” from the Cyrillic alphabet. |
Thus, a simple substitution of the Latin/English alphabet
“a” by the Cyrillic letter “ɑ” in itself
has the potential to turn into a huge menace.
It is pertinent to keep in mind that while a words like
“bɑnk” or
“vɑccine” (i.e.
bank and vaccine wherein the
alphabet “a” has been substituted by
“ɑ“) can easily be detected and
red-flagged in a word editor such as MS Word or such softwares,
such names may not be flagged in many web-browsers/ URL tabs.
Moreover, the threat of such spoofing/phishing is even more
dangerous when one receives emails from such websites/domain names.
Such phishing/spoofing/web-attacks are not limited to usage of
special characters like “ɑ” or
“г“, but may also involve clever
use of combination of standard English/Latin characters, such as
r + n = rn (similar to the alphabet
“m“).
In a way, such homographic/ homoglyphic spoofing/phishing is
very similar to typosquatting and it can be said that these types
of web-attacks/scams are even more difficult to detect as compared
to traditional typosquatting.
Such skilled phishing/spoofing/web-attacks assume even greater
importance in today’s world, considering the COVID-19 pandemic.
Internet Users must be more aware and cautious than ever before, to
not fall prey to such criminals. [For more information about
examples of such Cyber Theft and the laws governing such
cyber-crime in India, please refer to
https://ssrana.in/articles/cyber-theft-a-serious-concern-in-india/
.]
DOMAIN NAME ARBITRATION – A SOLUTION TO OBTAIN SUCH
DOMAIN NAMES
As discussed in our earlier article at
https://ssrana.in/typoscam-typosquatting-phishing-covid19/,
domain name arbitration is a good option for tackling such matters.
In this scenario, such web attacks/phishing/ spoofing borne out of
usage of homographs/ homoglyphs can be said to be a subset of
typosquatting.
UDRP (UNIFORM DOMAIN-NAME DISPUTE-RESOLUTION POLICY) ON
HOMOGRAPHS/ HOMOGLYPHS
While certainly not as prevalent as ‘traditional’
typosquatting, domain names which comprise of such characters have
indeed come up before UDRP panels. UDRP panels in the below cases
tackled this issue and held in favour of the Complainants:
| S.No. | Trade Mark | Domain Name | Case No. | Our Comments |
| 1. | BLOOMBERG | XN–BLOOMBEG-M0D.COM
(bloombeɾg.com)
|
Claim Number: FA1808001802017
Forum (NAF)
|
The alphabet “r” in the
word Bloomberg was replaced by “ɾ“. |
| 2. | MILWAUKEE | rnilwaukeetool.com | FA2103001935361
Forum (NAF)
|
The alphabet “m”
in the word Milwaukee was replaced by
|
| 3. | GROUPON | xn--roupon-h0c.com
(ɡroupon.com)
|
D2020-2302
(WIPO)
|
The alphabet “g” in the
word Groupon was replaced with the character “ɡ“. |
| 4. | WOLF, WOLF OIL CORPORATION
(website: wolfoil.com)
|
wolf0il.com | D2016-1398
(WIPO)
|
The alphabet “o” in the
name Wolfoil was replaced by the numeral “0“. |
CONCLUSION
As illustrated above, there is a very real threat of being
targeted by web-attacks which may originate from or be based upon
domain names/websites which use homographs/homoglyphs to
impersonate the original website and steal confidential personal,
medical or financial information. As such, it is more important
than ever to carefully watch what you read, when
dealing with emails/websites/domain names/SMSs, etc. Hence, the old
adage Customer Beware is more relevant than ever,
especially in this day and age where terms like COVID, VACCINE,
etc., have assumed far more importance and visibility than ever
before.
From a IP rights-holder’s perspective, a good option for
recovering such infringing domain names is by filing domain
complaints – provided no active or hazardous fraud is
being perpetuated by the domain name, as in those cases, a lawsuit
(for interim injunction) or a complaint with the cyber cell would
be a more comprehensive option.
Footnotes
1 Definition of homograph, Merriam-Webster, https://www.merriam-webster.com/dictionary/homograph
2 Definition of homograph, Oxford,
https://www.oxfordreference.com/view/10.1093/oi/authority.20110803095943295
3 Definition of ‘homoglyph’ on online
dictionaries: http://dictionary.sensagent.com/Homoglyph/en-en/,
https://www.yourdictionary.com/homoglyph,
https://www.wordnik.com/words/homoglyph
For further information please contact at S.S Rana &
Co. email: info@ssrana.in or
call at (+91- 11 4012 3000). Our website can be accessed at
www.ssrana.in
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Media, Telecoms, IT, Entertainment from India
