Product
System & Network Scanning
Find vulnerabilities in your entire infrastructure.
Web Application Scanning
Find vulnerabilities in your web apps and APIs.
Phishing & Awareness Training
Increase resilience against social engineering.
Business needs
Industries
Information
Partner solutions
Europe
Asia
CLOSE
Alok Sahay,
Sales Director, India
alok.sahay@holmsecurity.com
+91 8800-67 77 99
Hi! My name is Alok and I'm your local representative in India. Looking for a cyber security solution and vulnerability management? Let's talk!
CLOSE
Stefan Thelberg,
CEO, Sweden
stefan.thelberg@holmsecurity.
+46 (0)739-99 33 12
Vi tilbyr den mest effektive metoden for å se og forstå hvor trygt hele IT-miljøet ditt er mot eksterne trusler.
CLOSE
Ahmad Faurani
Sales Director, Southeast Asia
ahmad.faurani@holmsecurity.com
+60 19 434 2727
Hi! My name is Ahmad Faurani and I'm your local representative in Malaysia. Looking for a cyber security solution and vulnerability management? Let's talk!
CLOSE
Cristian Miranda
Key Account Manager, Finland
cristian.miranda@holmsecurity.com
+46 8-550 05 582
Hei! Nimeni on Cristian Miranda ja olen paikallinen edustajasi Suomessa. Etsitkö tietoturvaratkaisua ja haavoittuvuuksien hallintaa? Puhutaan!
CLOSE
Victor Bunge Meyer
Key Account Manager, Sverige
victor.bunge-meyer@holmsecurity.com
+46 08-550 05 582
Välkommen till Holm Security i Sverige! Jag heter Victor och är din lokala kontakt. Kontakta mig om du vill veta mera om vårt system eller sårbarhetsanalyser.
CLOSE
Beth Murrell
Sales Development Representative, Benelux
elizabeth.murrell@holmsecurity.com
+31-20-238 63 94
Mijn naam is Beth Murrell en ik ben uw lokale vertegenwoordiger in Nederland, België en Luxemburg. Op zoek naar een cyberveiligheidsoplossing en kwetsbaarheidsbeheer? Laten we praten!
June 17, 2019
Hackers use multiple techniques of manipulation to trick you into opening a malicious website. In this article you will find information related to UTF-8 characters used in domain names. This can help to Increase your awareness and be a step ahead of the attacker.
The image above is a screenshot from the website https://www.utf8-chartable.de/unicode-utf8-table.pl (external link) where you can find more UTF-8 characters. Due to UTF-8 encoding, you are able to display non-latin alphabet characters – for example „Ø”, or „©”. Try to identify which letters look similar to the ones from a Latin alphabet? Now, just imagine that somebody registered a copy of your banks domain by using, for example, a Cyrillic letter „а” instead of a regular „a”. And then hosted a clone of this banks’ website, set up as https, to make it seem legit.
From a visual perspective, you won’t be able to identify if this link is malicious or not, since it doesn’t cоntain mіѕѕреllіngѕ оr оthеr trісkѕ that yоu might lооk for – if you don’t believe me, try to identify which of the letters used in the bold text above are Cyrillic.
Can’t do it? Keep reading to learn more about how you can protect yourself against these frauds.
Domains, that are using graphical characters are nothing new – first of them were registered in April, 2001 and since then we’ve can easily use emojis in domain names, if we wish to.
The idea of such URLs is very interesting – since there is a limit to how many languages a person is able to understand the word “Apple”? If you’ll have a domain including a symbol of an apple (🍎), anybody will understand it.
At the very beginning, it was possible to register emoji domains with extensions like .com or .net. Even today, it’s quite easy to find a website that is being hosted on a domain such as this ⛄️.com. However, a limitation has been introduced since that time. These days, you can only register domains with the following extensions:
Emojis are not the only possible characters that can be used in “special” domain names – You’ll find that some of the graphic characters from UTF-8 are extremely similar to our alphabet letters. Now, just imagine the possibilities of registering such a domain with .com or .pl. Somebody could easily then register a domain that looks exacly like your banks domain and host a cloned website there, for example. Also – there’s nothing keeping them from implementing a https connection to it and getting a trustworthy looking padlock icon.
Not really – it does however minimize the risk – your bank’s domain with a .ws extension will look suspicious (if you are verifying the URLs before you’ll click on them!). It’s important to remember that social engineering is based on natural human behavior, needs and emotions. In such cases the attacker can encourage you to click on unusual, interesting looking URL addresses – and in some cases, it’s totally enough to hack your device (for example if you are not a big fan of update installations).
Vulnerability Management is a cornerstone in a modern cyber security defense.
Read more articles similar to this one.
Hacker attacks
Understanding an attacker and the various methods used for attempting to access or modify systems or software, makes it easier for us to protect...
Hacker attacks
On March 19, the Norwegian multinational company Norsk Hydro detected abnormal activity in their servers and found that they were exposed to a...
Hacker attacks
Ransomware
Imagine this, one day you discover that your website is being used to propagate malware. Google adds a big red notice, alerting people that this...