Prevent Potential Punycode Phishing Attack

The Domain Name System was originally designed to use only a limited set of ASCII characters. To represent Unicode characters (which cover the letters of other languages) in a URL, the Punycode syntax is used.

However, allowing Unicode characters in URLs may cause security issues. Because any foreign character can be used, hackers can build a fake website with a domain name that looks just like that of a well-known website, where users might reveal their personal information.

Fortunately, there is a simple way to keep users from reaching those fake websites. A Punycode-encoded domain name starts with "xn--" to declare that it is using Punycode, so we can set up the URL Content Filter and DNS Filter to block URLs that contain "xn--".

To block the websites using Punycode URLs:
1. Create a Keyword Object with content "xn--"

2. Create a URL Content Filter profile to block URLs that contain the keyword set in step 1.

3. Create a DNS Filter profile to filter DNS requests using the URL Content Filter set in step 2.

4. Create a Firewall Rule profile to apply the rules set in steps 2 and 3.
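
An added example (not part of the original article or of any vendor tooling): a Python check that can be run over DNS or proxy log entries to see which hostnames the "xn--" rule from steps 1 to 4 would catch, decoding each Punycode label to its Unicode form for review. The function names, the constructed sample entries and the `.test` domains are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ACE_PREFIX = "xn--"  # the keyword the article's Keyword Object matches on


def punycode_labels(url_or_host):
    """Return [(ascii_label, unicode_label_or_None)] for Punycode labels in the hostname."""
    # Accept both bare DNS names and full URLs; urlsplit lowercases the hostname.
    target = url_or_host if "://" in url_or_host else "//" + url_or_host
    host = (urlsplit(target).hostname or "").rstrip(".")
    found = []
    for label in host.split("."):
        if not label.startswith(ACE_PREFIX):
            continue
        try:
            decoded = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            decoded = None  # carries the prefix but is not valid Punycode
        found.append((label, decoded))
    return found


def to_ace(unicode_label):
    """Build a constructed sample: Unicode label -> 'xn--' form."""
    return ACE_PREFIX + unicode_label.encode("punycode").decode("ascii")


# Constructed sample entries (not real log data).
LOOKALIKE = "ex\u0430mple"  # Cyrillic U+0430 in place of Latin "a"
SAMPLES = [
    "http://" + to_ace(LOOKALIKE) + ".test/login",  # lookalike hostname
    "WWW." + to_ace("bücher").upper() + ".test.",   # upper case, trailing dot
    "http://ascii-only.test/docs/xn--notes.html",   # "xn--" only in the path
    "plain.test",                                   # no Punycode at all
]


def flagged(samples):
    """Map each sample with a Punycode hostname label to its decoded labels."""
    return {s: punycode_labels(s) for s in samples if punycode_labels(s)}


if __name__ == "__main__":
    for entry, labels in flagged(SAMPLES).items():
        for ascii_label, decoded in labels:
            print(f"{entry}: {ascii_label} -> {decoded!r}")
```

The third sample contains "xn--" only in its path, so a substring match on the whole URL would hit it even though its hostname is plain ASCII.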

Published On: 2017-05-09
