Tuesday, May 30, 2017

“.brand” new gTLDs and Homograph attacks

Homograph attacks are a good reason to definitely get rid of “.com” and move to a “.brand” new gTLD. Here is why.
Most domain name extensions accept IDNs (internationalized second-level domains, i.e. domains with non-ASCII characters) and all browsers read them. The problem with IDNs is that they can be used to fake a domain name: while most browsers detect homoglyphs and “translate” them, old browsers do not. On a “.brand” domain name extension, the Brand controls domain name registrations and decides which domains are registered; this is not the case with “.com”. This article is the third update of an article written on the 18th of May 2017 and previously entitled “‘.brands’ & Homograph attacks”.

Why protecting consumers matters
Protecting their consumers online matters to Trademarks because clients who face a homograph attack won’t complain to them, nor will they ask for their money back. Image is important too... of course.

Restricted access to registering “.brand” domain names makes a huge difference in terms of security: attackers won’t have access to creating a homoglyph. They will on a “.com”.

What are we talking about?

Homograph attack free
An attacker can launch a homograph attack using any open extension that accepts IDNs. But while he can cheat by hiding inside the second-level domain name using homoglyphs (when the registry allows them) or mistypes, he cannot do so with a “.brand” domain name because he is not allowed to register such domain names. Only the owner of the “.brand” Registry is.

Recognition: the extension is the seal
Once a client has been trained by the Trademark to visit hyperlinks ending in a “.brand” domain name extension, he becomes used to it, so the ending of an email received or of a website visited certifies that the content comes from the Trademark.

Beware of browsers
Some browsers, such as the earlier version 57.0.2987.146 of Chrome (in Chromium), still translate homoglyphs. This means that the examples below will still show in a browser!

Phishing and homograph attacks
In a phishing attack, you receive an email asking you to click on a hyperlink, whose title would be “click here”; clicking takes you to a fake website (asking for money or information). Such links can be double-checked by hovering the mouse over the hyperlink, which makes it possible to see the real hyperlink prior to clicking. Some more sophisticated phishing attacks even use mistyped domain names such as GuiІІon.com (fake site) for Guillon.com (real site). Note that the two letters “l” in the fake site are in fact two decimal “i”, a letter of the Cyrillic script (it also works with “0” replacing “o”). When you hover your mouse over the hyperlink, you will note that the domain name shows two “i” (instead of two “l”). Phishing attacks are in fact spam campaigns asking you to click on a hyperlink that takes you to a fake website.

Homograph attacks are the same, but the problem is that the link you are asked to click on is exactly the same, visually speaking, so you cannot double-check whether the link you are about to click on is the right one. Homoglyphs are used here: letters whose shapes appear identical or very similar to one another, made available in domain names by Internationalized Domain Names (IDNs). A recent example given in the press was “epic.com” (real site) and “epic.com” (fake site), the latter actually being “xn--e1awd7f.com”. Try the two of them in the address bar of version 57.0.2987.146 of Chrome and you will note that both read “epic.com”. The problem? They are two different websites that display as the exact same “.com” domain name. Imagine such an attack using your domain name: scary, isn’t it?
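
A defender-side check for the look-alike names described above, added here as an example (not code from the original article): it decodes IDN labels and flags mixed-script or non-Latin labels, while treating the restricted extension as the trusted one. The `TRUSTED_TLD` value `brand`, the function names and the verdict strings are assumptions made for illustration, and flagging every non-Latin label assumes a brand that only uses Latin-script names.

```python
import unicodedata

# Placeholder for the organisation's own restricted gTLD (assumption for this example).
TRUSTED_TLD = "brand"

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding 'xn--' A-labels."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def label_scripts(label):
    """Scripts used by the letters of a label, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def classify(hostname):
    """Classify a link target the way a mail or web gateway rule could."""
    try:
        labels = [decode_label(part) for part in hostname.rstrip(".").split(".")]
    except UnicodeError:
        return "invalid-idn"
    if labels[-1] == TRUSTED_TLD:
        return "trusted-tld"       # registrations controlled by the brand itself
    for label in labels:
        scripts = label_scripts(label)
        if len(scripts) > 1:
            return "mixed-script"  # e.g. Latin letters with Cyrillic look-alikes
        if scripts and scripts != {"LATIN"}:
            return "non-latin"     # whole label in another script, may mimic Latin
    return "unverified"            # plain ASCII, but still an open extension

# Constructed sample hostnames based on the names quoted in the text.
SAMPLES = [
    "epic.com",
    "xn--e1awd7f.com",
    "Gui\u0406\u0406on.com",
    "login.brand",
]

if __name__ == "__main__":
    for host in SAMPLES:
        shown = ".".join(decode_label(p) for p in host.split("."))
        print(f"{host:22} -> {shown:14} {classify(host)}")
```

The script test is deliberately coarse: it reports which script a label is written in, not which brand it imitates, so a match is a reason to show the `xn--` form or hold the message for review.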

Why change now?
If .BRAND new gTLD applicants still don’t know what to do with their own domain name extension, changing now allows them:
  • To start training and informing their consumers to visit a new website: “this takes time”;
  • To homogenize their domain name portfolio and stop registering more domain names they will probably never use: there will be more domain name extensions created in the future and unless I am wrong, this means more domain names to register for any Trademark that wants to secure its assets;
  • To enhance their clients’ level of security: chances are high that the attacks’ level of sophistication won’t lower in the future and “.brand” domain names are a barrier to these.

Banks should consider
Banks that have not (yet) applied for their own domain name extension should consider using a .BANK domain name for the same reasons. Attackers cannot have access to “.bank” domain names since these are restricted to banks. In a word, it means that a bank can drastically increase its existing and future clients’ level of online security by using an extension which is not open to the public.

Making sense
Migrating to a single .BRAND new domain name extension makes sense if:
  1. All other domain names are redirected to the new “.brand” domains so existing users are trained to visit the new .BRAND domain name;
  2. Existing and new clients are informed about this change well in advance so it does not cause confusion;
  3. It is explained to existing and new clients that any information coming from other domain name extensions (emails or websites) is not certified as coming from the Trademark.

The objective of such a move is to:
  • Guarantee existing and future clients the highest level of security;
  • Lower the level of confusion due to the large number of new domain name extensions created;
  • Increase the level of trust with one single source of information.


The Trademark Clearinghouse just announced the Sunrise Period for .STOCKHOLM new domain names.

  • START: Thursday, 15 June, 2017 - 16:00;
  • END: Saturday, 15 July, 2017 - 16:00.
Check the TMCH calendar for details.

Here are interesting extracts of what the application submitted to ICANN says:

The purpose of the City of Stockholm’s own gTLD .stockholm is twofold:
  1. First, .stockholm will be a strong marketing tool, being part of a greater strategy for the City of Stockholm, aimed at the international business public. The purpose is that the City of Stockholm once more states its strong position as a highly modern and innovative city, using cutting edge technology to deliver the infrastructure needed in order to enable its business community to be successful in their area of expertise and to continue to attract international companies for investment.
  2. Secondly, .stockholm shall be used as reliable and trusted communication tool for the citizens of Stockholm in their contacts with the city and its service providers. It will be the official channel for communication from its own institutions like municipal offices, schools, hospitals, events etc. to the citizens of Stockholm. .stockholm will be used as a strong communication tool aimed at Stockholm’s citizens, ensuring the origin of message, communicated either by email or web, leading to enhanced consumer trust in the field of online communication and marketing. .stockholm is part of a greater plan to enable the citizens of Stockholm the ultramodern lifestyle they expect from their city. 
There are more than 1400 ICT companies in the area – employing approximately 25 000 people. In order to continue this positive development, the City of Stockholm has to keep up the pace, taking advantage of new possibilities such as controlling its own gTLD .stockholm in order to remain the top city of innovative forerunners.

Digital technology is not only important in order to improve service, but also from a sustainability perspective. Having a well developed service sector and a wide use of broadband services among citizens, schools and companies gives the opportunity for a sustainable life style. Thus Stockholm was appointed Europe’s first Environmental Capital by the EU in 2010. Stockholm sees its own gTLD .stockholm as natural further development of the digital services already offered to the local business community as of today.

However, with more and more services available online, the city’s need for a high control and security level increases. The demand is for 100% reassurance when using e-services with private data. Communicating with the City’s inhabitants via .stockholm websites and email addresses, will have the possibility to enhance citizens trust that can increase the citizen’s use of city e-services.

Objectives of the gTLD .stockholm
Stockholm is growing and sustainability and smart services are used to attract citizens, investors, business people and visitors. The City of Stockholm wants to take an active part in shaping the Internet of the future, and contribute to the digital development. Therefore, the City of Stockholm is investing in creating its own gTLD for all city services and activities.

In conclusion, the objective of .stockholm is to:
  • Increase the visibility of the City of Stockholm, as well as the accessibility and usability of e-services for its citizens.
  • Attract companies and coveted business people to the Stockholm region and to enable them a smooth and successful business entry by facilitating information transparency and increasing service availability."
Check the complete application here.
