Expansion of Domain Names to Include Non-latin Characters

Recently, Internet Corporation for Assigned Names and Numbers (ICANN) approved the addition of non-Latin domain names to the Internet’s master directory of domain names. As a result, Arabic users will soon be able to access websites with URL’s written entirely in Arabic characters. Companies will be able to reach out to new audiences.

In the short term, there will be more opportunity for attackers to conduct phishing attacks against sites registered within these new domains. The domains are relatively new with a lot of unregistered space. As a result, attackers should be able to register plenty of unclaimed space for subsequent phishing attacks. With an expanded web audience and domains, the volume of phishing attacks should continue to rise.

In the long term, the security community will need to focus on finding better solutions to detecting phishing sites using methods beyond blacklisting. Blacklisting will be an increasingly unmaintainable solution to prevent users from visiting an ever-increasing and diverse set of phishing sites. Many different solutions have been proposed. Check out this article that provides a good overview of various solutions.

Here is the original article that inspired this blog post.

Technorati Tags: phishing URL domain names