# Phish

## Quick

Buy old domain

Email/server account SMTP

DNS

WEB SERVER + SSL

Macros

Dropper

**Misspelling:** goggle.com Vs google.com

**Additional Period:** go.ogle.com Vs google.com

**Switching numbers for letters:** g00gle.com Vs google.com

**Phrasing:** googles.com Vs google.com

**Additional Word:** googleresults.com Vs google.com

\
**TLD Alternatives:**

A TLD (Top Level Domain) is the .com .net .co.uk .org .gov e.t.c part of a domain name, there are 100's of variants of TLD's now. A common trick for choosing a domain would be to use the same name but with a different TLD. For example, register turbosec.co.uk to impersonate turbosec.net

<br>

**IDN Homograph Attack/Script Spoofing:**

Originally domain names were made up of Latin characters a-z and 0-9, but in 1998, IDN (internationalized domain name) was implemented to support language-specific script or alphabet from other languages such as Arabic, Chinese, Cyrillic, Hebrew and more. An issue that arises from the IDN implementation is that different letters from different languages can actually appear identical. For example, Unicode character U+0430 (Cyrillic small letter a) looks identical to Unicode character U+0061 (Latin small letter a) used in English, enabling attackers to register a domain name that looks almost identical to another.