Malwarebytes researchers have highlighted a new phishing technique that attackers are exploiting to target visitors of several websites by leveraging on modified favicon to inject e-skimmers and steal credit card information.
The technique consists of using similar characters to dupe unsuspecting users, according to the security researchers, which characters could be from a different language or simply the capitalization of the letter 'i' to make it look like lowercase 'l'.
This is refered to as internationalized domain name (IDN) homograph attack, and it has been used by Magecart group on several domains to load the so-called Inter skimming kit within favicon file.
How the Homograph attack technique is carried out
The attack technique typically involves using similar character scripts with original domains to create and register fraudulent domains which are injected with malware to target unsuspecting users who are deceived into visiting them.
How Web Users can guard against this kind of phishing attack
The threat actors are becoming more sophisticated in their craft, therefore the lines between the different attack scenarios and what researchers can make of the kind of attack is getting blurred by the day.
It is recommended that web users should not follow links in chat messages and other public content, and always turn on multi-factor authentication when available to secure their accounts from being hijacked.
And more importantly, they should scrutinize the URL of websites they intend to visit to ensure that the link is indeed the actual destination, and they should avoid the clicking of links from emails, rather they should extract the link for further scrutiny before visiting it.