What if Outlook shows a seemingly genuine URL in an email?
Researchers discovered that the Microsoft office productivity tool may be used to launch phishing attacks capable of fooling even the most seasoned online users.
Bitdefender analysts recently discovered that homograph attacks – those that employ similar-looking characters for deception – e.g Microsoft. They become far more effective when based on international domain names (IDN) and used against apps other than browsers.
The researchers determined that all Microsoft Office programs were susceptible to homograph attacks. After evaluating a few applications for their behavior if faced with an IDN homograph attack. It was concluded that all productivity tools including Outlook, Word, Excel, OneNote, and PowerPoint are vulnerable.
So far, No patches!
Simply, with a threat actor Outlook may show a link that appears completely legitimate. While the user would not notice the difference until the site is viewed in their browser. This might be sufficient to initiate a malware download in some instances.
This vulnerability was reported to Microsoft in October of 2021. The Redmond software company confirmed that the danger is serious and it has yet to be fixed.
According to Bitdefender, the good news is that such an assault is difficult to launch and hence unlikely to be executed on a large scale. Nonetheless, this vulnerability can be a highly effective weapon in targeted assaults, such as state-sponsored threat actors stealing passwords and other sensitive data from certain high-value organizations.
The problem with homograph attacks is that they exploit web accessibility. All domain names in the early internet were utilizing the Latin alphabet, which had 26 characters.
Since then, the internet has evolved and expanded more characters, such as the Cyrillic alphabet (used in Eastern Europe, and Russia). This provided threat actors with a large playground, as they may develop phishing sites with URLs that seem identical to the authentic site by mixing various characters.