Homograph Phishing Attacks – When User Awareness Is Not Enough

Microsoft Office vulnerable to homograph attacks

Homograph (also known as homoglyph) phishing attacks use look-alike characters to impersonate another site. While most of them are easily recognizable by end users with proper training (for example, g00gle.com), homograph attacks based on internationalized domain names (IDN) can be visually indistinguishable from the domains they spoof.

Most security research on IDN homograph attacks has focused on browsers, but domain names are used by other applications, which remain vulnerable. We recently tested several other applications, and the behavior was inconsistent: some applications always display the real address, while others display the international name. But the elephant in the room was surprising: all Microsoft Office applications and versions were vulnerable to IDN homograph attacks, including Outlook, Word, Excel, OneNote, and PowerPoint.
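The check a browser performs before deciding whether to show the Unicode name or its ASCII (xn--) form is something a mail gateway or link scanner can replicate. The following is an added example, not code from the original article or from Bitdefender: it converts a domain to the ASCII form the resolver actually uses and flags labels that are non-ASCII or mix scripts (the spoofed apple.com with a Cyrillic first letter is a constructed sample; the script classification from Unicode character names is a simplification assumed for the demo).

```python
import unicodedata


def script_of(ch: str) -> str:
    """Rough script name for a character, taken from its Unicode name.
    Assumption for this demo: the first word of the name (LATIN, CYRILLIC,
    GREEK, ...) is a good-enough script label."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    name = unicodedata.name(ch, "")
    return name.split()[0] if name else "UNKNOWN"


def to_ascii(domain: str) -> str:
    """The ASCII-compatible (punycode, xn--) form that DNS resolves.
    This is what a browser shows when it refuses to render the IDN."""
    return domain.encode("idna").decode("ascii")


def analyze_domain(domain: str) -> dict:
    """Flag homograph indicators in each label of a domain."""
    ascii_form = to_ascii(domain)
    findings = []
    for label in domain.lower().rstrip(".").split("."):
        scripts = {script_of(c) for c in label if c.isalpha()}
        scripts.discard("COMMON")
        if len(scripts) > 1:
            findings.append(f"{label}: mixed scripts {sorted(scripts)}")
        if any(not c.isascii() for c in label):
            findings.append(f"{label}: contains non-ASCII characters")
    return {
        "display": domain,          # what a vulnerable application renders
        "ascii": ascii_form,        # what actually gets resolved
        "is_idn": "xn--" in ascii_form,
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed samples: the real domain and a spoof whose first
    # letter is CYRILLIC SMALL LETTER A (U+0430) instead of Latin "a".
    for sample in ("apple.com", "\u0430pple.com"):
        report = analyze_domain(sample)
        print(f"{report['display']!r} -> {report['ascii']}  "
              f"IDN={report['is_idn']}  {report['findings']}")
```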

Fig 1: Example of international domain name resolution in Microsoft Office and browser 

In the screenshot below (from Outlook 365), all links point to a spoofed apple.com domain. Even if a browser decides to display the real name after opening

Read More: https://businessinsights.bitdefender.com/homograph-phishing-attacks-when-user-awareness-is-not-enough