Non-Latin Domain Names Could Raise New Phishing Issues
Posted on by Peter James
New Internet domain registration rules promulgated by ICANN will soon allow web sites to use domains that do not use Latin characters. Currently, regardless of the language or alphabet used in a country, domain names must use Latin, or western, characters. Even accented characters are verboten: for example, you can’t register résumé.com as a site to host, well, résumés.
But new rules will change that, and rightly so. After all, why should China’s Xinhua news service have to use xinhuanet.com rather than the Chinese characters for its name?
However, as Gizmodo points out, this could lead to new phishing tricks. In the graphic below, you can see that “paypal” looks a lot like “paypal”, even though one is using a Latin character set and the other a Cyrillic character set. This means that cyber-thieves could use character sets that fool users into clicking on their links, and direct them to bogus sites.
Naturally, this ability is limited by the number of characters that look like Latin characters. For example, Chinese characters wouldn’t fool anyone, nor would Japanese or Thai glyphs. But there are a number of Unicode characters, used in different languages, that could lead to confusion.
For now, this is a warning: once these new domains are registered, security companies will have to be very careful to make sure anti-phishing software can block such sites. Applications have been open for these domains since November, and they should start going online sometime this year.
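One way an anti-phishing filter could flag the look-alike names described above, as an added example that is not part of the original post: it decodes `xn--` labels, reports labels that mix scripts, and folds known Cyrillic look-alikes to Latin before comparing against a watch list. The look-alike table, the `PROTECTED` list and the sample host names are constructed for illustration.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones; a real
# filter would load the full Unicode confusables data (UTS #39).
CONFUSABLE = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l",
}
PROTECTED = {"paypal"}  # hypothetical watch list of brand labels


def to_unicode(label):
    """Decode an ACE ("xn--") label to Unicode; other labels pass through."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(label):
    """Fold known look-alikes to the Latin letter they imitate."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in label.lower())


def check_domain(domain):
    """Return a list of (label, reason) findings for one host name."""
    findings = []
    for raw in domain.rstrip(".").split("."):
        label = to_unicode(raw)
        if label.isascii():
            continue  # plain Latin label, nothing to compare
        if len(scripts(label)) > 1:
            findings.append((label, "mixed-script"))
        if skeleton(label) in PROTECTED:
            findings.append((label, "imitates-protected-name"))
    return findings


if __name__ == "__main__":
    # Constructed samples: genuine name, Cyrillic with a Latin "l", all Cyrillic.
    samples = ["paypal.com", "\u0440\u0430\u0443\u0440\u0430l.com",
               "\u0440\u0430\u0443\u0440\u0430\u04cf.com"]
    for host in samples:
        print(host, check_domain(host))
```

The all-Cyrillic sample passes the mixed-script test and is caught only by the skeleton comparison, which is why a filter needs both checks.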