- Published: 05 November 2009
- Written by NStinchcombe
A recent announcement by ICANN regarding international domain names poses some security risks, according to ISACA, a global association of IT security, audit and governance professionals.
ICANN (Internet Corporation for Assigned Names and Numbers) recently announced that International Domain Names (IDNs) will support non-Latin characters, including Mandarin, Arabic, Hindu and Cyrillic. ICANN is also discussing expanding the number of generic top-level domains (gTLDs), such as .com and .org, from its current list of 21 to include almost any word, in almost any language.
“While we understand the interest in expanding the characters offered in other languages, we are concerned that an increase in web site characters could lead to greater security risks and consumer fraud,” said Peter Wood, member of ISACA’s Conference Committee and founder of First Base Technologies.
“The number of phishing attacks could surge, with attempts to confuse users by replacing conventional web addresses and gTLDs with non-Latin scripts. People might think they are on a trusted site, but inadvertently enter credit card numbers and other personal information on a fraudulent site.”
Explains Wood, “Glyphs representing certain characters from different scripts might appear similar or even identical. For example, in many fonts, Cyrillic lowercase A ("a") is indistinguishable from Latin lowercase A ("a"). An unscrupulous host site can use this visual ambiguity to pretend to be another site and take advantage of site visitors.”
According to ISACA, a global association of 86,000 IT governance professionals, it is critical to type a web site’s IP address directly into the browser, rather than click on links in e-mails and social networking sites.
Wood advises organisations and individuals to also verify that the web security technology they have in place will protect them and will be able to recognise the new character sets when they are made available by ICANN to ensure that they will not be directed to a spoof or malicious site.
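One way a filter can recognise the look-alike problem Wood describes is to flag hostname labels that mix scripts, such as a Cyrillic "а" inside otherwise Latin text. The following Python code is an added example, not part of the original article or of any ISACA material; the hostnames are constructed, and inferring a character's script from the first word of its Unicode name is a simplifying assumption.

```python
import unicodedata

ASCII_COMMON = set("0123456789-")  # digits and hyphen belong to no single script


def script_of(ch):
    """Approximate a character's script from its Unicode name (assumption:
    the first word of the name, e.g. LATIN or CYRILLIC, identifies the script)."""
    if ch in ASCII_COMMON:
        return "COMMON"
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:  # unnamed or unassigned code point
        return "UNKNOWN"


def decode_label(label):
    """Return the Unicode form of a label, decoding the xn-- (punycode) form."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def mixed_script_labels(hostname):
    """Return [(label, sorted scripts)] for every label using more than one script."""
    findings = []
    for raw in hostname.split("."):
        label = decode_label(raw)
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            findings.append((label, sorted(scripts)))
    return findings


# Constructed sample hostnames; \u0430 is CYRILLIC SMALL LETTER A.
SAMPLES = [
    "bank.example",                                # all Latin
    "b\u0430nk.example",                           # Latin with one Cyrillic letter
    "\u043f\u0440\u0438\u043c\u0435\u0440.example",  # label wholly in Cyrillic
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(ascii(host), mixed_script_labels(host))
```

A label written entirely in one non-Latin script passes this check, so it does not catch a look-alike built wholly from another script's characters.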
For additional information on ISACA, visit www.isaca.org.
About ISACA
With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance of Enterprise IT® (CGEIT®) designations.
ISACA developed and continually updates the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.

