Recent reports show hackers substituting Cyrillic characters for Roman alphabet characters to deceive recipients. In their article “Real or Imposter? Everything You Need to Know About ‘Homoglyph’ Phishing”, CISO MAG describes this tactic, known as the Internationalized Domain Name (IDN) homoglyph attack, as “a deception technique that uses homoglyphs or homographs, in which an attacker abuses the similarities of character scripts to create phony domains of existing brands to trick users into clicking. A homoglyph is one of two or more characters or glyphs with shapes that appear identical or very similar.”
Hastily clicking a malicious link in an email that spoofs a legitimate institution may direct you to a website that looks identical to that of the brand being imitated and that requests your login credentials. Clicking a malicious link may also initiate the download and installation of a program capable of recording keystrokes and collecting confidential data, including bank logins.
Avoid clicking links in emails, chat messages, and other publicly available content, especially on social media sites, without ensuring the visible link is indeed the true destination. You may hover over links to see their true destination. AAFCPAs also advises that clients establish and adhere to internal controls, monitor and test those controls, conduct simulated phishing expeditions via social engineering, and offer ongoing cyber security training.
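Hovering shows the destination, but a Cyrillic "а" in a hostname renders the same as a Latin "a", so mail filters and link scanners compare code points rather than glyphs. The sketch below is an added example, not AAFCPAs' tooling; the protected domain `example.com`, the sample URLs, and the small look-alike map are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately small map of Cyrillic letters that render like Latin
# ones. A production check would use the full Unicode confusables data (UTS #39).
CONFUSABLES = dict(zip("\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456\u0455\u0458",
                       "aeopcxyisj"))

def to_unicode(host):
    """Decode punycode (xn--) labels so the real characters are inspected."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Script names (LATIN, CYRILLIC, ...) of the letters in one label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def check_link(url, protected):
    """Return (verdict, decoded_host) for a URL against a set of protected domains."""
    host = to_unicode(urlsplit(url).hostname or "")
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in host)
    if host in protected:
        return "match", host          # byte-for-byte the real domain
    if skeleton in protected:
        return "lookalike", host      # renders like a protected domain, is not it
    if any(len(scripts(label)) > 1 for label in host.split(".")):
        return "mixed-script", host   # e.g. Latin and Cyrillic in one label
    return "unknown", host

if __name__ == "__main__":
    PROTECTED = {"example.com"}       # assumption: the brand domain to defend
    SAMPLES = [                       # constructed sample links
        "https://example.com/login",
        "https://ex\u0430mple.com/login",        # Cyrillic U+0430 instead of "a"
        "https://ex\u0430mple-login.com/",
    ]
    for url in SAMPLES:
        verdict, host = check_link(url, PROTECTED)
        print(f"{verdict:13} {host.encode('unicode_escape').decode()}")
```

The demo prints the decoded host with escapes so the substituted character is visible even though both hosts render identically.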
Please forward this alert to your employees to ensure they are and remain phishing-savvy. Clients can boost security awareness by training employees on common phishing techniques, sharing the organization’s suspicious email response protocol, and reminding staff to always remain vigilant.
How may we help?
AAFCPAs conducts IT Risk/Cyber Security Assessments and offers Vulnerability Management as a Service (VMaaS) solutions to pinpoint potential exposures, to help organizations comply with government and industry regulations, and to boost organizational awareness. We also work with decision makers to devise security practices and protocols that safeguard your intellectual property, reputation, and bottom line.
To learn more, please contact Vassilis Kontoglis, Partner, Automation, Analytics, & IT Security at 774.512.4069 or email@example.com—or contact your AAFCPAs Partner.