People are often lulled into a sense of security by familiar domains, so they access websites and communications without much thought. Threat actors use homograph attacks to prey on this trust and gain access to valuable data in organizations like healthcare practices.
Homograph domain attacks are a type of phishing attack where attackers create lookalike domains by exploiting visually similar characters from different alphabets. The lookalike domain tricks users into thinking they’re visiting a trusted source. A study published in HAL Open Science states, “Homograph attack is a way that the attackers deceive victims about what domain they are communicating with by exploiting the fact that many domains look alike.”
An example of this is an attacker replacing the letter “o” in a legitimate domain with a Cyrillic “o” to create a domain that appears almost identical. The prevalence of this form of cyberattack brings to light a major challenge in cybersecurity: the lack of training in recognizing and avoiding lookalike domains.
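The Cyrillic “o” substitution described above can be caught in a mail or web filter by checking each domain's scripts and comparing a "skeleton" of it against trusted names. The following is an added example, not code from Paubox or the cited study; the trusted list, the sample domains and the small confusables map are constructed assumptions (a production filter would use the full Unicode confusables data).

```python
import unicodedata

# Constructed allowlist (assumption): domains the organization trusts.
TRUSTED = {"example.com", "apex.example"}

# Small constructed subset of Cyrillic letters that render like Latin ones.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}

def scripts(label):
    """Scripts of the letters in one label, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(domain):
    """Fold known lookalike characters to the Latin letters they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain.lower())

def to_ascii(domain):
    """ASCII (punycode) form, which is what DNS actually resolves."""
    return domain.encode("idna").decode("ascii")

def check(domain):
    """Classify a domain as trusted, lookalike, mixed-script or unknown."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED:
        return "trusted"
    # Skeleton match catches both mixed-script and whole-script imitations.
    if skeleton(domain) in TRUSTED:
        return "lookalike"
    # A single label mixing alphabets is suspicious even with no known target.
    if any(len(scripts(label)) > 1 for label in domain.split(".")):
        return "mixed-script"
    return "unknown"

if __name__ == "__main__":
    samples = ["example.com",              # genuine
               "ex\u0430mple.com",          # Cyrillic a inside a Latin label
               "\u0430\u0440\u0435\u0445.example",  # label entirely Cyrillic
               "b\u043e\u043ek.com"]        # mixed script, no trusted target
    for d in samples:
        print(f"{to_ascii(d):28} {check(d)}")
```

Displaying the `xn--` form to users or analysts makes the imitation obvious, because the lookalike no longer renders like the trusted name.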
HIPAA compliant email platforms like Paubox offer security that goes beyond encryption. These systems can easily be integrated with threat detection software and have domain filtering built in, allowing them to monitor for unusual domain patterns and raise alerts. This helps organizations identify fake or compromised domains that are sent to the healthcare organization to imitate trusted sources.
HIPAA compliant email also lets providers easily share cybersecurity awareness content with patients. Educational content that explains the common attacks used to imitate trusted sources and access patient data, and the practices patients should follow to avoid them, helps protect patients and also improves the physician-provider relationship through trust.
Consent is required when sending an email for reasons not related to treatment, payment, or operations.
A type of cyberattack where attackers trick people into sharing information by pretending to be trustworthy sources.
It is commonly used by cybercriminals for identity theft, financial fraud, or selling it on the dark web.