Hello, i5 it m3 y0u are I00king for?


Was that a real, genuine hello or a fake hello?

At first glance it seems genuine enough but that is because our brains translate what we see into what it thinks we want to see. It’s not a genuine hello as most of you will now see as I have replaced one of the ‘l’s with a capital ‘I’. The trouble is our mind is far more complex and intelligent than we give it credit for and rather than reading every letter we see, we focus on the first and last letters followed by the characters we would expect to find in a word while the exact order of the characters is less relevant for our understanding of a word. In other words, our brains are just too clever, backed up by Cambridge University who have carried out significant, or should we write singficant, research into what has been termed Typoglycemia – a neologism the cognitive processes involved in reading text.

Want some more proof? OK, well see how quickly you understand the following sentences despite them being littered with natural spelling mistakes:

“At shcool we were tuahgt taht slpeling was ipmorantt”

“The huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe”

“Typoglycemia sneds my sepllchkehcer carzy”

It’s a good thing that our brains work in this way, right? In most instances, yes. It helps us absorb information quickly and react accordingly but it also opens us up to the risk of being fooled by cyber criminals who have used our new-found strength into a common weakness.

In 2019, according to a survey carried out by Retruster, 76% of businesses who responded said they have been victims of a phishing attack. That is a very scary stat and one that shows no signs of shrinking over time. Fortunately, most attacks aren’t genuine and many will go unnoticed, caught by our spam filters in email or simply laughed away as being so far fetched that they could never be true – I mean, would a deposed dictator of an African country really reach out blindly to any of us?

Why is the number of phishing attacks rising? Partly because of the increased use of domain names that are either deliberately spelt in a way to trip our brains into thinking they say something they don’t or by using mixed script where some subtle changes in using letters from non-Latin alphabets which means the domain names look like they reflect brand names or popular websites but in truth divert you to more nefarious locations.

These domain names are often called Homographs and are characterised by a mix of substitute letters or numbers with characters from Latin, Greek, Cyrillic and other scripts. Whilst the actual registration characters are made up of latin script characters, by using the “xn--” prefix, they are translated into local script when they appear in a browser or search bar. The danger of that is to most of us, we will not see the subtle nuances of the different characters and our brains will tell us that everything is in order.

Domain name registries are starting to provide solutions for the issues that surround homograph registrations. The TrueNameTM solution from Donuts for instance blocks homographic variations of any domain name that is registered in one of their TLDs, whilst Take a domain name such as university.degree. There doesn’t seem too many potential variants to two very common words, but you would be mistaken. There are actually 1,439 other variants that could be used to make a similar domain name, such as:

  • ʋniversity.degree
  • unıversity.degree
  • unɪversity.degree
  • uniᴠersity.degree

It is only when you see the actual characters that are used in the registration of the domain name that you can see how different they are to the original university.degree domain name:

  • xn--niversity-pje.degree (ʋniversity.degree)
  • xn--unversity-wpb.degree (unıversity.degree)
  • xn--unversity-c9d.degree (unɪversity.degree)
  • xn--uniersity-223d.degree (uniᴠersity.degree)

Thanks to Typoglycemia, our brains read the domain names perfectly, which could lead us down a path laid by a maleficent individual or group who are hell-bent on obtaining my personal and financial details. We all need to be aware that these dangers do exist in the digital world and it pays to double check not only the URL we are following but also whether the website we end up on is behaving the way it should. Am I being asked for my user name and password when normally I am logged in via the saved password and cookie stored on my machine? Why does the website need my credit card details if I am not buying anything? Does the website look different from when I was last on it?

Unfortunately, there is no real “retro fit” tool that can help us identify homograph domain names that have already been registered. Going forward, registries will almost certainly start to develop their own tools that can identify and stop any homographs that infringe on brand names and Intellectual Property from being registered but in the meantime it is important that we all try to be part of the solution and not the problem that our own human super computers is partly responsible for.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s