In one article on our website, about phishing, we used the domain НКС.net as an example of a domain that could be used to create a fake website for an attack. To illustrate the scale of the threat, let's assume there's a bank called "HKC" that has the official domain HKC.net.
First, however, we need to expand on domains and country-specific domains. Many languages use more letters than the 26 of the Latin alphabet. Examples include Spanish, German, Norwegian, and Polish. Traditional domains only supported Latin letters (a-z), numbers, and dashes. Extensions to national characters (so-called IDNs, Internationalized Domain Names) remove this limitation, allowing the use of Polish characters, for example. Registration of country-specific domains has technically been available since 2000, but it wasn't until 2003 that the so-called "punycode" was published. IDNs allow words to be represented more precisely. For example, the Polish word "bąk" means whirligig, horsefly or gadfly. Meanwhile, the word "bak," without the added tail, is nothing more than the fuel tank in a car. So these characters really do matter.
The aforementioned domain, НКС.net, is written in the Cyrillic alphabet thanks to Unicode encoding, and represents the letters NKS (well, that's how it would be read by a Russian-speaking person). Characters that exist only in particular languages aren't part of the extended ASCII (American Standard Code for Information Interchange) code, another agreement on the uniform representation of letters in bitwise form. Unfortunately, the ASCII standard only allows for 128 characters, so only A-Z, a-z, 0-9, and punctuation marks such as , : ; " -. The previously mentioned "punycode" is responsible for translating domains with national characters into a form understandable by all computer systems, using only the characters available in ASCII. Modern browsers can convert this code back to national characters after reading it and display it in the browser bar. However, the ASCII form that browsers work with before converting it back to national characters looks like this: xn--j1afn.net. In the case of domains using only ASCII characters, such as the bank's HKC.net, the domain name will be the same in both encodings: hkc.net.
However, when we see a domain written in all caps in an email, it's difficult to tell which alphabet we're dealing with: the local one or Cyrillic. After navigating to the address, the domain in the browser bar will look like this: нкс.net, but will anyone notice this while busy with another failed login attempt?
So how can we protect ourselves against this type of phishing?
Firstly, we should check the email address from which the email is coming. Of course, in the case of an email with the domain name
We should also check the address bar to see if the website we are visiting is actually the website we want to visit.
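The address-bar check can also be automated. The following Python sketch is an added example, not code from the original article: it converts a domain to its punycode form and flags names that only look like a trusted one. The `TRUSTED` set and the small `LOOKALIKES` map are assumptions constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small map of uppercase Cyrillic letters that render
# like Latin capitals (not the full Unicode confusables table).
LOOKALIKES = {"\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K",
              "\u041c": "M", "\u041d": "H", "\u041e": "O", "\u0420": "P",
              "\u0421": "C", "\u0422": "T", "\u0425": "X"}

TRUSTED = {"hkc.net"}  # assumption: real domain of the article's fictional bank


def to_ascii(domain):
    """Return the punycode (ASCII) form that is actually sent to DNS."""
    return domain.encode("idna").decode("ascii").lower()


def to_unicode(domain):
    """Return the national-character form a browser may show in the address bar."""
    return to_ascii(domain).encode("ascii").decode("idna")


def scripts(domain):
    """Scripts of the letters used, taken from the first word of each Unicode name."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in domain if ch.isalpha()})


def skeleton(domain):
    """Upper-case the name, swap look-alike letters for Latin ones, lower-case again."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in domain.upper()).lower()


def check_domain(domain):
    """Classify a domain seen in an e-mail or address bar against TRUSTED."""
    ascii_form, shown = to_ascii(domain), to_unicode(domain)
    if ascii_form in TRUSTED:
        verdict = "trusted"
    elif skeleton(shown) in TRUSTED:
        verdict = "lookalike"  # reads like a trusted name, resolves elsewhere
    else:
        verdict = "unknown"
    return {"ascii": ascii_form, "scripts": scripts(shown), "verdict": verdict}


if __name__ == "__main__":
    # Latin HKC.net, Cyrillic look-alike, and the same look-alike as punycode
    for name in ("HKC.net", "\u041d\u041a\u0421.net", "xn--j1afn.net"):
        print(name, check_domain(name))
```

A name whose verdict is "lookalike", or whose scripts list mixes CYRILLIC with LATIN, deserves a second look before any password is typed.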

