IDN Char Collision Detection

from Wikipedia, the free encyclopedia

IDN Char Collision Detection (IdnCCD for short) is a protocol for combating homographic phishing attacks with internationalized domain names (IDNs). In IDN-based phishing attacks, fraudsters take advantage of the similarity between Latin ASCII-based characters (a–z or 0–9) and international characters outside the ASCII range.

How IDN-based phishing attacks work

  • Phishing scammers register domains with international characters, for example Cyrillic characters, such as the domain name xn--meineonlinebnk-6tl.com.
  • The form xn--meineonlinebnk-6tl.com is called Punycode; it is the ASCII-compatible form of an IDN.
  • The international domain name behind it is meineonlinebаnk.com. This name contains the Cyrillic letter 'а' (which is visually identical to the Latin letter 'a'), and when it is presented as an IDN it can no longer be distinguished from the domain name that consists of ASCII-based characters only: meineonlinebank.com.
  • Online fraudsters use this similarity of meineonlinebаnk.com to the genuine name to elicit personal data from Internet users.

Solutions to combat IDN-based phishing attacks

  • Browsers display links based on IDNs in Punycode form. The main disadvantage of this approach is that domain names with international characters lose their original, readable form when they are displayed as Punycode.
  • The IdnCCD (IDN Char Collision Detection) protocol filters out "critical character collisions" from domain names. The IdnCCD protocol was developed by Thomas Meike.

Basic principle of IdnCCD

"Critical character collisions" are always caused by characters that are of rather minor importance from a language-region point of view. In the case of meineonlinebаnk.com, the appearance of a Cyrillic 'а' within the domain name is a clear character collision.

In terms of language regions, a Cyrillic 'а' has very little significance within a domain name compared to the Latin 'a'. Accordingly, the appearance of this letter within the domain name should immediately trigger a warning to the Internet user. The Internet user should still be free to decide whether or not to follow the link.
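
The following sketch illustrates the warning principle described above on the page's own domain name; it is an added example, not the IdnCCD protocol or code from its author. It assumes a simplified rule (a letter collides when its script differs from the dominant script of its label) and approximates the script from the Unicode character name; the function names are hypothetical.

```python
import unicodedata
from collections import Counter

def decode_label(label):
    """Return the Unicode form of one DNS label; 'xn--' marks a Punycode label."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def script_of(ch):
    """Approximate the script by the first word of the Unicode character name."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]  # LATIN, CYRILLIC, GREEK, ...

def find_collisions(domain):
    """Return (decoded_label, index, char, script) for each letter that is not
    in the dominant script of its label (assumed heuristic, see lead-in)."""
    findings = []
    for label in domain.split("."):
        text = decode_label(label)
        scripts = [script_of(c) if c.isalpha() else None for c in text]
        letters = [s for s in scripts if s]
        if not letters:
            continue
        dominant = Counter(letters).most_common(1)[0][0]
        for i, (ch, script) in enumerate(zip(text, scripts)):
            if script and script != dominant:
                findings.append((text, i, ch, script))
    return findings

def warning_for(domain):
    """Build the warning text; the caller still lets the user decide to proceed."""
    hits = find_collisions(domain)
    if not hits:
        return None
    parts = [f"{script} U+{ord(ch):04X} at position {i} in '{text}'"
             for text, i, ch, script in hits]
    return f"Warning: {domain} mixes scripts: " + "; ".join(parts)

if __name__ == "__main__":
    # Sample names: the first two are from the page, the third is constructed.
    for name in ("xn--meineonlinebnk-6tl.com", "meineonlinebank.com",
                 "xn--e1afmkfd.com"):
        print(name, "->", warning_for(name) or "no collision found")
```

A label written entirely in one non-Latin script passes this check, so the sketch does not cover lookalike names that use a single script throughout.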
