Use Outlook or Microsoft Office? Malware red flag uses a new twist on an old trick

June 6, 2022

By Kim Komando

Cybercriminals constantly update their techniques to make malware, viruses and other cyber-threats as hard as possible for humans and artificial intelligence to spot. Antivirus apps check for infected files and malware, but there’s one kind of attack that humans and apps are relatively bad at noticing.

You’ve probably never heard of a homograph (or homoglyph) attack — but we’ve warned you about how it works many times. In the simplest terms, a clever criminal swaps one character for another, hoping you won’t notice.

Hackers are using this sneaky method to break into Microsoft’s Outlook and Office software. Read on for everything you need to know about homograph attacks and what you can do to stay safe.

Here’s the backstory

You might recognize that “homo” means “same” or “identical” in Greek — and that is exactly how a homograph attack works. By replacing the letters in a web address with symbols or other letters that look very similar, criminals can trick systems into thinking it is legitimate.

It’s relatively easy to tell the difference between www.google.com and www.g00gle.com, for example. But it becomes trickier when browsers translate international domain names (IDN) into ASCII format or when different European alphabets are substituted.

According to research by Bitdefender, all Microsoft Office applications and versions are vulnerable to IDN homograph attacks. Here’s how it works:

• Outlook, Word, Excel, OneNote, and PowerPoint display an email or web address as a link.
• When you hover your cursor over it, a preview shows you where the link takes you — and if the address is different.
• In a homograph attack, the text, link and preview look legitimate, but you will only know where it redirects you to once you click the link. In essence, this can make phishing attacks more potent there’s no way to spot a problem in the address or domain name until it’s too late.

What you can do about it

This trick is spreading because it really works. Here’s a spot of good news: Bitdefender says this attack probably won’t become as pervasive as other online attack methods because it’s tough to set up and maintain. “However, they are a dangerous and effective tool used for targeted campaigns,” the company says.

Since hackers can substitute letters with other symbols or even other alphabets, you must verify every link before clicking on it.

We’re not just talking about a zero standing in for the letter “O” here. Can you spot the difference between microsoft.com and microsofť.com? The latter web address uses the Slovak lowercase “t,” but you can easily assume it is a legitimate Microsoft link if you don’t pay close attention.

Now is the time to tighten up your cybersecurity practices. Start here:

• Always check where a link goes before clicking on it. Hover your mouse over it or right-click to see the URL. Select Copy link address and then paste it into a notepad or blank document. It takes a few extra seconds, but it could be the difference between opening a scam link and keeping yourself safe.
• Some browsers and productivity tools guard against homograph attacks, but only if you keep them updated. This is a great reminder to keep all your web-connected tools up to date. Our advice: Set a monthly reminder to check your computer, phone and tablet for updates. If there’s a new one, don’t skip it.
• Don’t click links that came from a sender you don’t recognize — ever. This is cybersecurity 101.
• Not everything is easy to spot on your own; that’s where antivirus software comes in. Kim’s pick is TotalAV. TotalAV’s industry-leading security suite is easy to use and offers the best protection in the business. In fact, they’ve received the renowned VB100 award for detecting more than 99% of malware samples for the last three years in a row. Right now, get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com. That’s over 85% off the regular price.

Keep reading

This dangerous, password-stealing malware spreads through bad apps

This data-stealing phishing attack is a triple malware threat