Homograph Phishing

Homograph phishing is one of the world’s most sophisticated and successful forms of domain phishing. It involves the use of Internationalized Domain Names (IDNs) to create domain registrations that look confusingly similar to an existing “regular” or non-IDN domain registration. Unlike traditional typosquatting, homograph attacks deceive unsuspecting victims by presenting visually indistinguishable links to a customer either through web content or a spoofed email address.

If you are interested in learning more about homographs, Lexsynergy’s Director, Daniel Greenberg, was interviewed by IPPro in 2018 about this growing cybersecurity threat. You can read the full interview HERE.

Donuts TrueName

Donuts Registry, which manages over 240 generic TLDs, has announced a new anti-phishing technology called TrueName Phishing Protection.

TrueName Phishing Protection is a fully automated brand and identity protection service designed to prevent bad actors from attempting to copy or maliciously impersonate your online identity. TrueName accomplishes this by preventing the registration of all known confusingly similar “homographs” of a domain name at the point of registration.

How It Works

Lexsynergy owns the domain lexsynergy.limited, and Donuts is the registry for the .limited domain extension. This domain is now protected with TrueName, meaning nobody can register a homograph that looks similar to lexsynergy.limited. Here are a few examples of domains strings that are now blocked from registration:

Homograph Domain
ǀexƽɣnergɣ.limited
lexƽɣnergɣ.limited
lexƽɣnerᶃɣ.limited
lexƽɣnerɡɣ.limited
lexƽɣnergᶌ.limited
lexƽʏnerƍʏ.limited
lexꜱᶌnerƍỿ.limited
lexsynerɡᶌ.limited
lexsʏnerɡy.limited
lexꜱynerɡỿ.limited

As you can see, unless you are looking closely, these domains could easily be confused for our domain lexsynergy.limited.

TrueName Features

  • TrueName is already live and applies to all existing and future domain registrations within the Donuts TLD portfolio (i.e. .domains, .business, .online, .email, etc.). This includes domains registered in Sunrise, EAP, or General Availability.
  • There is no additional fee for TrueName and nothing needs to be done to apply TrueName protection to your Donuts domain. It is simply an added benefit of registering a Donuts domain.
  • Trademark owners can override a TrueName block and register a homograph version of their mark by providing proof of trademark ownership in the form of a signed mark data (SMD) file.
  • Homograph blocking is also included in all Donuts DPML and DPML+ Blocks
  • The number of protected strings per domain registration will fluctuate significantly based on the character count and will not be limited by the TrueName engine (For reference, at the time of writing this article, the domain “lexsynergy.limited” will block 599 homograph strings).

If you have any questions about TrueName Phishing Protection, please email your account manager or our support team at support@lexsynergy.com.