Ars Technica : Microsoft Outlook shows real person's contact info for IDN phishing emails

Dev Anand Teelucksingh devtee at gmail.com
Tue Sep 7 14:50:27 UTC 2021

If you receive an email from someone at arstechnіca.com, is it really from
someone at Ars? Most definitely not—the domain in that email address is not
the same arstechnica.com that you know. The 'і'
character in there is from the Cyrillic script and not the Latin alphabet.

This isn't a novel problem, either. Up until a few years ago (but not
anymore), modern browsers did not make any visible distinction when domains
containing mixed character sets were typed into the address bar.

And it turns out Microsoft Outlook is no exception, but the problem just
got worse: emails originating from a lookalike domain in Outlook would show
the contact card of a real person, who is actually registered to the
legitimate domain, not the lookalike address.

This week, infosec professional and pentester DobbyWanKenobi demonstrated
how they were able to trick the Address Book component of Microsoft Office
to display a real person's contact info for a spoofed sender email address
by using IDNs.

Read full article:

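The article describes the mechanism (a Cyrillic letter standing in for a Latin one inside an otherwise Latin domain) but not how a mail client or filter would catch it. Below is an added example written for this post; it is not code from Ars Technica, from DobbyWanKenobi's demonstration, or from Microsoft. It takes a sender address, converts the domain to its canonical ASCII (Punycode, "xn--") form, flags any label that mixes scripts, and maps a small hand-picked set of Cyrillic homoglyphs to their Latin look-alikes so the spoof can be compared against the domain it imitates. The KNOWN_DOMAINS allowlist, the HOMOGLYPHS table (a partial subset, not the full Unicode confusables data) and all function names are assumptions made for the example; the only domain taken from the article is arstechnica.com.

```python
import unicodedata

# Assumed allowlist, standing in for the domains an address book trusts.
# Constructed for this example; the article names only arstechnica.com.
KNOWN_DOMAINS = {"arstechnica.com"}

# Partial homoglyph map: Cyrillic letters whose usual glyphs are visually
# identical to Latin ones. This is a hand-picked subset assumed for the
# example, not Unicode's full TR39 confusables table; a real filter should
# load that table instead.
HOMOGLYPHS = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I (the article's case)
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
}


def script_of(ch: str) -> str:
    """Coarse script classification from the Unicode character name prefix
    ('LATIN', 'CYRILLIC', 'GREEK', ...). Digits, '.' and '-' are script-neutral."""
    if ch.isascii() and not ch.isalpha():
        return "Common"
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "Unknown"


def label_scripts(label: str) -> set:
    """Set of scripts used in one DNS label, ignoring script-neutral characters."""
    return {script_of(ch) for ch in label} - {"Common"}


def is_mixed_script(domain: str) -> bool:
    """True if any single label mixes scripts, e.g. Latin letters plus one Cyrillic letter."""
    return any(len(label_scripts(label)) > 1 for label in domain.split("."))


def to_alabel(domain: str) -> str:
    """Canonical ASCII (Punycode, 'xn--') form: what DNS and SMTP actually see.
    A pure-ASCII domain comes back unchanged."""
    return domain.encode("idna").decode("ascii")


def skeleton(domain: str) -> str:
    """Replace known homoglyphs with their Latin look-alikes, so that a spoof
    collapses onto the domain it imitates."""
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in domain)


def analyze_sender(address: str) -> dict:
    """Break a sender address down into the signals a filter would log or act on."""
    _, _, domain = address.rpartition("@")
    domain = domain.strip().lower()
    alabel = to_alabel(domain)
    skel = skeleton(domain)
    # A lookalike: after homoglyph folding it equals a known domain, but its
    # real (A-label) form is something else entirely.
    lookalike = skel if skel in KNOWN_DOMAINS and alabel != skel else None
    return {
        "domain": domain,
        "alabel": alabel,
        "mixed_script": is_mixed_script(domain),
        "skeleton": skel,
        "lookalike_of": lookalike,
    }


def trusted_sender(address: str) -> bool:
    """The comparison a contact-card lookup should make: match the canonical
    A-label against the known domain, never the Unicode display string."""
    return analyze_sender(address)["alabel"] in KNOWN_DOMAINS


if __name__ == "__main__":
    # Constructed sample addresses; the second uses Cyrillic U+0456 as in the article.
    for addr in ("editor@arstechnica.com", "editor@arstechn\u0456ca.com"):
        print(addr, analyze_sender(addr), "trusted:", trusted_sender(addr))
```

The point of to_alabel is that "arstechnіca.com" with the Cyrillic letter never reaches DNS as that string; it travels as an xn-- label, and any lookup that keys on the rendered Unicode instead of the A-label will happily match the wrong contact. The mixed-script test is the cheap first filter (it is the same heuristic browsers adopted for the address bar), and the skeleton comparison is what tells you which legitimate domain is being imitated.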