ISACA: More phishing attacks may appear from increase in web site characters
Tag: IT Briefings Print article: Email article: This was published: 9 Nov 2009 - 07:25 am
A recent announcement by ICANN (Internet Corporation for Assigned Names and Numbers) regarding international domain names poses some security risks, according to ISACA, a global association of IT security, audit and governance professionals.
ICANN recently announced that International Domain Names (IDNs) will support non-Latin characters, including Mandarin, Arabic, Hindu and Cyrillic. ICANN is also discussing expanding the number of generic top-level domains (gTLDs), such as .com and .org, from its current list of 21 to include almost any word, in almost any language
“While we understand the interest in expanding the characters offered in other languages, we are concerned that an increase in web site characters could lead to greater security risks and consumer fraud,” said Peter Wood, member of ISACA’s Conference Committee and founder of First Base Technologies. “The number of phishing attacks could surge, with attempts to confuse users by replacing conventional web addresses and gTLDs with non-Latin scripts. People might think they are on a trusted site, but inadvertently enter credit card numbers and other personal information on a fraudulent site.”
Explains Wood, “Glyphs representing certain characters from different scripts might appear similar or even identical. For example, in many fonts, Cyrillic lowercase A ("a") is indistinguishable from Latin lowercase A ("a"). An unscrupulous host site can use this visual ambiguity to pretend to be another site and take advantage of site visitors.”
According to ISACA, a global association of 86,000 IT governance professionals, it is critical to type a web site’s IP address directly into the browser, rather than click on links in e-mails and social networking sites.
Wood advises organisations and individuals to also verify that the web security technology they have in place will protect them and will be able to recognise the new character sets when they are made available by ICANN to ensure that they will not be directed to a spoof or malicious site.
For additional information on ISACA, visit www.isaca.org.
Posted by: Neil
Other latest articles on the subject of IT Briefings
Copyright Public Technology Ltd 2003-2009. Crown copyright material used under click use licence C02W0007583.
Parliamentary material used under click use licence P2005000039, & reproduced with the permission of the Controller of HMSO on behalf of Parliament.
EU tender information published under license from the European Commission.
This web site automatically and continually monitors, collects and publishes latest breakings news from a large number of sources.
Copyright of content / material may belong to the original source.
