<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mv="http://macVmlSchemaUri" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Calibri;
mso-fareast-language:EN-US;}
p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText
{mso-style-priority:99;
mso-style-link:"Footnote Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Calibri;
mso-fareast-language:EN-US;}
span.MsoFootnoteReference
{mso-style-priority:99;
vertical-align:super;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.FootnoteTextChar
{mso-style-name:"Footnote Text Char";
mso-style-priority:99;
mso-style-link:"Footnote Text";}
span.EmailStyle20
{mso-style-type:personal;
font-family:Calibri;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
/* Page Definitions */
@page
{mso-endnote-separator:url("cid:header.htm\@01D2BDA1.F846CEA0") es;
mso-endnote-continuation-separator:url("cid:header.htm\@01D2BDA1.F846CEA0") ecs;}
@page WordSection1
{size:595.0pt 842.0pt;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN">Don, my comments enclosed<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN">Thanks<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN">-Dennis<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-left:.5in"><b><span style="color:black">From: </span>
</b><span style="color:black"><ua-discuss-bounces@icann.org> on behalf of Don Hollander <don.hollander@icann.org><br>
<b>Date: </b>Monday, April 24, 2017 at 5:40 PM<br>
<b>To: </b>"UA-discuss@icann.org" <ua-discuss@icann.org><br>
<b>Subject: </b>[EXTERNAL] [UA-discuss] UASG Response to WordFence IDN Phishing concerns<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-family:"Times New Roman""><o:p> </o:p></span></p>
</div>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt">Further to recent discussion on this list, we have drafted a document that we plan on posting as a Blog Post to the UASG Web site that can be referenced by others.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt">We want to get feedback from the community on this document by Thursday UTC.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt">So, here it is – pasted below and as a word document in case you want to enable tracking and make amendments. If you have comments or suggestions, please share them to this group.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt">Don</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><a name="_Hlk480546462"><b><span style="font-size:11.0pt">IDNs and Phishing: What You Need to Know</span></b></a><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt">By TBD at UASG
</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"><a href="https://www.icann.org/resources/pages/idn-2012-02-25-en">Internationalized Domain Names</a> (IDNs) are growing in popularity, a testament to their role in the expansion of
the global Internet and the value they provide in connecting non-English speakers to the Web. However, you may have noticed a renewed focus over the past week of a script mixing technique that phishing scammers could potentially use to trick Internet users
into visiting malicious websites. This phishing method takes advantage of the fact that characters from various languages and scripts are sometimes visually similar to each other. For example, the Cyrillic “</span><span lang="RU" style="font-size:11.0pt">а</span><span style="font-size:11.0pt">”
and the <a href="https://en.wikipedia.org/wiki/ASCII">ASCII</a> “a” look virtually identical. This technique is known as a homograph attack.
</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt">Homographic phishing efforts associated with IDNs are not new. In fact, they date back to the early 2000s. Registries have since implemented policies that preclude mixing scripts<a style="mso-footnote-id:ftn1" href="#_ftn1" name="_ftnref1" title=""><sup>[1]</sup></a>
within a domain name label.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt">While this issue should be taken seriously and serves as an important reminder of consumer safety, various IDN and anti-abuse groups are actively working to mitigate potential threats,
and there are already certain browser-set protections in place. In the meantime, Internet users should practice the same basic security hygiene that is always recommended: avoid clicking suspicious links, and use a good password manager that will only enter
login credentials on trusted sites. </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt">Equally important is to recognize the benefits of IDNs and avoid disabling them, which could lead to an unpredictable user experience and eventually a decrease in adoption. IDNs are
essential in bringing non-English speakers – the majority of the world’s population – online, and allowing those users to create their own highly relevant online identities as well as navigate the Internet in their native languages. In addition to the social
and cultural benefits of IDNs, they also represent a significant economic opportunity; a recent
<a href="https://uasg.tech/whitepaper/">report</a> commissioned by the Universal Acceptance Steering Group (UASG) found that online spending from new IDN users could start at USD 6.2 billion per year.
</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt">The UASG’s mission is to help software developers and website owners keep pace with the evolving Domain Name System (DNS) – and this includes issues around the adoption and acceptance
of IDNs. If you’d like to get involved in helping work toward a solution to this and other IDN-related issues, please visit
<a href="https://uasg.tech/">https://uasg.tech/</a> or <a href="https://uasg.tech/contact/">
get in touch</a> to learn more. </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-family:"Times New Roman";mso-fareast-language:ZH-CN"><br clear="all">
<o:p></o:p></span></p>
<div class="MsoNormal" style="margin-left:.5in"><span style="font-family:"Times New Roman";mso-fareast-language:ZH-CN">
<hr size="1" width="33%" align="left">
</span></div>
</div>
</div>
<div style="mso-element:footnote-list"><br clear="all">
<hr align="left" size="1" width="33%">
<div style="mso-element:footnote" id="ftn1">
<p class="MsoFootnoteText"><a style="mso-footnote-id:ftn1" href="#_ftnref1" name="_ftn1" title=""><span class="MsoFootnoteReference">[1]</span></a>
<span lang="EN-SG">Exceptions are practiced for languages with established orthographies and conventions that require the commingled use of multiple scripts, e.g. the Japanese writing system.</span><o:p></o:p></p>
</div>
</div>
</body>
</html>