Dark Mode

Settings

Capec-632 Detail

Homograph Attack via Homoglyphs

Detailed Social Engineering Likelihood: Low Typical Severity: Medium

Parents: 616

Description

An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages the fact that different characters among various character sets look the same to the user. Homograph attacks must generally be combined with other attacks, such as phishing attacks, in order to direct Internet traffic to the adversary-controlled destinations.

Not present

External ID Source Link Description
CAPEC-632 capec https://capec.mitre.org/data/definitions/632.html
CWE-1007 cwe http://cwe.mitre.org/data/definitions/1007.html
Explore

  1. Determine target website: The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.

    2. Techniques
    Research popular or high traffic websites.
Experiment

  1. Impersonate trusted domain: In order to impersonate the trusted domain, the adversary needs to register the URL containing the homoglpyh character(s).

    2. Techniques
    Register the Homograph domain.
Exploit

  1. Deceive user into visiting domain: Finally, the adversary needs to deceive a user into visiting the Homograph domain.

    2. Techniques
    Execute a phishing attack and send a user an e-mail convincing the to click on a link leading the user to the malicious domain.
  1. An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets.

Not present

Low
Adversaries must be able to register DNS hostnames/URL’s.
Other
Other (Depending on the intention of the adversary, a successful Homograph attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.)
  1. An adversary sends an email, impersonating bankofamerica.com to a user stating that they have just received a new deposit and to click the given link to confirm the deposit. However, the link the in email is bankofamerica.com, where the 'a' and 'e' characters are Cyrillic and not ASCII, instead of bankofamerica.com (all ASCII), which the user clicks after carefully reading the URL, making sure that typosquatting and soundsquatting attacks are not being leveraged against them. The user is directed to the adversary's website, which appears as if it is the legitimate bankofamerica.com login page. The user thinks they are logging into their account, but have actually just given their bankofamerica.com credentials to the adversary. The adversary can now use the user's legitimate bankofamerica.com credentials to log into the user's account and steal any money which may be in the account. Homograph vulnerability allows an adversary to impersonate a trusted domain by leveraging homoglyphs and tricking a user into visiting the malicious website to steal user credentials.See also: CVE-2012-0584 CVE-2009-0652 CVE-2005-0233 CVE-2005-0234 CVE-2005-0235 CVE-2005-0236 CVE-2005-0237 CVE-2005-0238

We use cookies to ensure you get the best experience on our website.