Would you (more importantly, your users) spot the difference?…:
[…] As an example, this URL uses a homographic character as its first character: “ɢoogle.news.” That can be compared to the legitimate “google.news” font — there’s a barely discernable difference.
Lumelsky noted that a few years ago someone bought the homographic-including “ɢoogle.com” to use it for phishing purposes.
“I wondered to myself: There are new top-level-domains every year. Did the world learn from the ɢoogle.com acquisition? How hard is it to create a good Google phishing website from scratch?”
Setting out to find out, the researcher turned to the main domain registrars – GoDaddy, Namecheap and even Google Domains – to first see if he could snag appropriate URLs. He found the process to be so simple that a basic search resulted in a dozen suggestions for available domain names, including ɢoogle.company; ɢoogle.email; ɢoogle.tv; ɢoogle.life and even ɢoogletranslate.com, all for what Lumelsky said was a “great” price. He purchased a handful of them, using an obviously fake identity that included “Not Google :)” as the company name.
After that, he was able to set up a virtual private server in the cloud to host the domains; and he also requested a Let’s Encrypt certificate to “safeguard” traffic to and from the sites – and get around security red flags from browsers. Chrome for instance showed the domains as “Secure” (with a lock icon) thanks to the certificate.
“Now, one can use https:// links to gain trust, while providing malicious content,” Lumelsky said.
“The great thing about using a proxy is that my domain’s links previews, in every single platform, fetches Google Translate’s exact description while pointing to my link,” the researcher explained. “[Also,] Google’s JS runs normally from my domain.”
In all, Lumelsky said that it was a simple affair to set up a very convincing fake domain – it took minutes, with no coding, he explained. Further, “on mobile phones, the ‘ɢ’ in my domain looks like an actual ‘G,’” he said.
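A defender-side check for the lookalike names quoted above, added here as an example and not part of the quoted article: it converts each name to the ASCII `xn--` form that shows up in DNS, TLS and proxy logs, and flags non-ASCII labels that collapse to a protected brand string. The confusables table is a small constructed subset, and the `PROTECTED` list and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, deliberately tiny confusables table (assumption): production
# checks should load the full Unicode TR39 confusables.txt data instead.
CONFUSABLES = {
    "\u0262": "g",  # LATIN LETTER SMALL CAPITAL G, the first character of "ɢoogle"
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
}
PROTECTED = ("google",)  # hypothetical list of brand strings to watch for


def decode_label(label):
    """Return the Unicode form of one DNS label (handles xn-- punycode)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: leave it as received
    return label


def to_ascii(domain):
    """Return the ASCII (xn--) form that appears in DNS, TLS and proxy logs."""
    return ".".join(
        l if l.isascii() else "xn--" + l.encode("punycode").decode("ascii")
        for l in domain.split("."))


def lookalike_brands(domain):
    """List protected brands imitated by a non-ASCII label of the domain."""
    hits = []
    for raw in domain.rstrip(".").split("."):
        label = unicodedata.normalize("NFKC", decode_label(raw)).casefold()
        if label.isascii():
            continue  # plain ASCII label: cannot be a homograph of this kind
        skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in label)
        hits += [b for b in PROTECTED if b in skeleton and b not in hits]
    return hits


if __name__ == "__main__":
    # Constructed sample input: names taken from the article plus controls.
    for name in ["google.news", "ɢoogle.news", "xn--oogle-wmc.com",
                 "ɢoogletranslate.com", "example.org"]:
        print(f"{name:22} {to_ascii(name):28} {lookalike_brands(name)}")
```

Because U+0262 is itself a Latin-script character, a mixed-script test alone would not flag these names, which is why the check maps confusable characters to a skeleton before comparing.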