|
|
|
Phishers could hijack new domain name system
A recently approved system that allows countries to create web addresses using a mixture of European and non-European languages could open a back door for scammers warned the UK Internet Forum (UKIF).
People are directed to websites by the real name rather than as websies internet protocol address, which is a series of numbers. European languages use what are called ASCII codes to create 'real name' web addresses and other languages such as Russian, Greek or Chinese use a code called Unicode. The Internationalised Domain Names (IDN) system now combines these.
The problem for consumers is some of the letters in the alphabets that use Unicode is they resemble those used in European alphabets. The worry is criminals will use a mixture of these codes to register websites that look like those that belong to legitimate companies and direct users to the fake sites. Steve Dyer, director of UKIF told Compueractive there were reals concerns about misuse of this by criminals. "The Russian 'A' looks just the same as the English 'A' although it means something different. A criminal could register a domain name using a mixture of ASCII and Unicode that is indistinguishable to the ordinary surfer from the genuine site.
"To prove a point, the website PayPal was created using a mixture of the European and Russian alphabet. People were directed to a fake site and phishers can steal personal details. This site was handed over to PayPal but shows how dangerous this could become",he said.
But the IDN system can't just be binned he warned as other countries genuinely need a way to write 'real names' for their websites because it is easier for people to use. He also said some legitimate sites, such as More Than (More>) and Toys R Us use non-European letters to denote their brand.
Mr Dyer said the internet industry must be more aware of the risks.
But he believed there are safeguards that could alert internet users. Browsers for example could flag up sites that use a mixture of ASCII and Unicode and he said Opera believe it has safeguards and Mozilla is working on a solution.
Related articles
Email providers including Google, Microsoft and Yahoo form an alliance with the aim of developing a common authentication standard to help identify phishing emails
ISPs and other groups say that the police-led taking down of websites without court orders could lead to legitimate sites being targeted
If you click on the link in a phishing email, you could unwittingly find yourself part of a botnet. We explain what the cyber criminals are up to these days
Q.Why can't my browser find the website address I typed...
Q.All updates have been downloaded, so why won't Windows...
Q.How do I stop Windows 7 search?
Be a money saving expert
Return of the Mac computer
The benefits of owning a smartphone
Choose Gold, Silver or Bronze membership
Save up to 40% on the cover price of each issue
Get access to the subscriber club exclusive website
Our price won't be beaten by any shop or website
Voice over IP. The routing of voice conversations over the internet, which is cheaper than the telephone...
|
|
|
|
|
Nikon Coolpix S570 BlackPrice: £66.99 |
Computeractive Ultimate Guide - Storage, Sharing & BackupPrice: £5.99 |
Back Issue CD-Rom 13 (2010)Price: £9.99 |
Hallmark Card Studio DeluxePrice: £15.31 |
Marine AquariumPrice: £15.41 |
