---
title: "The Revival Of IDN (Phishing) Attacks With Microsoft Outlook | Phish Protection"
description: "The Internationalized Domain Name (IDN) consists of a combined Unicode character set with similar Latin and Cyrillic alphabets."
image: "https://phishprotection.com/og/blog/revival-of-idn-phishing-attacks-with-microsoft-outlook.png"
canonical: "https://phishprotection.com/blog/revival-of-idn-phishing-attacks-with-microsoft-outlook/"
---


An Internationalized Domain Name (IDN) can combine Unicode characters from similar-looking alphabets such as Latin and Cyrillic, making the domain look identical to an everyday ASCII domain. _Unicode domain names could be problematic from a security point of view_, as many Unicode characters are hard to distinguish from regular ASCII characters. [Phishing attacks](/blog/increased-phishing-attacks-during-pandemic-how-to-stay-safe-and-relevant-post-covid-era/) with Internationalized Domain Names (IDNs) use **Unicode characters** from non-Latin character sets such as Cyrillic and Greek that look like typical Latin characters.

[Outlook phishing emails](/blog/o365-phishing-attack-organization-pay-attention-to-microsoft/) sent from an IDN pose a severe problem. The recipient cannot distinguish the real email handle from the fake one and is shown the contact card of a professional contact, the person affected by the attack, which also goes against that contact's privacy. If the email comes from a similar domain, Outlook will show the contact card of the person registered on that domain or an equivalent address instead of the fake sender. Thus, _the problem with Outlook is that the recipient of a **phishing email** from an IDN cannot tell the actual email address from the fake one_, and also views the “contact card” of a “professional contact” because they see the details of the “victim” instead of the attacker.

### What Are IDN Attacks?

_Domain owners can register multiple versions of their domains, such as ASCII and IDN versions_, to enhance user experience and prevent potential counterfeiting. Fake domain names resembling legitimate websites can lead users to **counterfeit websites** that collect confidential user information. The ability to register domains with identical-looking characters, mainly Arabic character sets, gives malicious actors a versatile attack space from which to operate.

In short, _attackers can register doppelganger domain names by exploiting the similar appearance of certain characters_ in English, Chinese, Latin, Greek, and other scripts. Punycode-encoded domains can be designed to resemble trusted domains by using [homographic characters](/blog/homograph-phishing-attack-antidote-awareness-training/) or different character sets. This attack uses internationalized domain name homographs and relies on users encountering Unicode characters that resemble Latin (ASCII) ones.

The attacker hosts a **malicious site**, attracts potential victims, and exposes them to exploits and malware downloads, while the user is none the wiser about what is about to happen and has no way to realize that the domain name is wrong.

### What Happened In MS Outlook’s Case?

> “Microsoft’s built-in phishing protection in Office 365 catches the obvious attacks, but it consistently misses targeted spear phishing and zero-day threats. We see this every day - customers come to us after an incident that Microsoft Defender didn’t catch. Adding a dedicated anti-phishing layer takes five minutes and closes that gap.” - **Adam Lundrigan**, CTO, DuoCircle

According to reports from two different security researchers, _Microsoft Outlook is unprotected against phishing attacks using international domain names_ (IDNs). Phishing campaigns use Microsoft Outlook to deceive people who believe that fake emails originate from genuine contacts. Earlier this month, Infosec professional and Pen-tester [Dobby Wankenobi showed](https://insider-voice.com/microsoft-outlook-displays-real-persons-contact-information-for-idn-phishing-emails/) how he could trick the address book component within _Microsoft Office to display accurate contact information, even though the fake email address of the sender uses IDNs_. Microsoft’s response states that the vulnerability has not been fixed and points out that this type of **phishing attack** is unsuccessful with Outlook Web Access (OWA). According to Manzotti, senior consultant of Dionach, Outlook will not verify encrypted domains, allowing attackers to fake valid contacts within the target organization.

The problem of IDN-based **phishing websites** was in the headlines in 2017 when web application developer [Xudong Zheng demonstrated](https://insider-voice.com/microsoft-outlook-displays-real-persons-contact-information-for-idn-phishing-emails/) that modern browsers did not recognize them at the time. Unicode domains are problematic for security because _many Unicode characters are difficult to distinguish from standard ASCII characters_. Research has also shown that sophisticated **phishing attacks** using IDN homographs are possible.

### Do You Need to Take Any Precautionary Measures?

The IDN-based homograph attack, also known as name homoglyphs or **script spoofing**, is a method by which an attacker deceives victims by making the page they are visiting appear genuine.

The best approach to defend against such attacks on the client side is to ensure that web browsers do not support IDNs. Chrome and other popular browsers implement IDN policies that try to balance letting IDNs appear as valid domains against protecting users from confusing [homographic attacks](/blog/homograph-phishing-attack-antidote-awareness-training/).
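A mail-side check for the homograph problem described above, as an added example that is not part of the original article: it decodes Punycode labels, reports which scripts a domain uses, and compares a sender's domain with the domains of known contacts. The `CONFUSABLES` table is a small constructed subset, `example.com` is a constructed sample domain, and all function names are hypothetical.

```python
import unicodedata

# Constructed subset of look-alike characters (not the full Unicode
# confusables data): Cyrillic/Greek code point -> Latin letter it resembles.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u0458": "j", "\u03bf": "o", "\u03b1": "a",
    "\u03bd": "v",
}

def to_unicode(domain):
    """Decode Punycode (xn--) labels so the real characters are visible."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw form, it will not match
        labels.append(label)
    return ".".join(labels)

def to_ace(domain):
    """Encode non-ASCII labels to their xn-- form (used to build samples)."""
    labels = []
    for label in domain.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def scripts(domain):
    """Return the scripts (LATIN, CYRILLIC, GREEK, ...) used by the letters."""
    return {unicodedata.name(ch).split()[0] for ch in domain if ch.isalpha()}

def skeleton(domain):
    """Map known look-alikes to Latin so visually equal names compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)

def classify_sender(address, trusted_domains):
    """Classify a From address against the domains of known contacts.

    Returns (verdict, matched_domain): 'trusted' for an exact match,
    'lookalike' when only the skeleton matches, otherwise 'unknown'.
    """
    raw = address.rsplit("@", 1)[-1].strip().rstrip(">")
    domain = to_unicode(raw)
    if domain in trusted_domains:
        return "trusted", domain
    for trusted in sorted(trusted_domains):
        if skeleton(domain) == skeleton(trusted):
            return "lookalike", trusted
    return "unknown", None
```

A mixed-script result from `scripts()` is a useful signal, but a label written entirely in one non-Latin script can still imitate a Latin name, which is why the skeleton comparison is done as well.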

### Attacks Like These Prove Why Phishing Awareness Training Is Important

![Phishing prevention best practices](https://media.mailhop.org/phishprotection/images/2021/09/phishing-prevention-best-practices-8246.jpg) 

[Phishing awareness training](/products/phishing-awareness-training/) helps educate the end-users about specific **phishing threats** they encounter in their daily lives. It has become a necessity in the current times to safeguard the organization’s valuable information assets against phishing threats posed by malicious actors.

_**Phishing awareness training** is essential for employees so that they know what is legit and what is not_. It plays a crucial role in preventing employees from becoming vulnerable to attackers. Verizon Communications Inc.’s [Data Breach Investigations Report](https://enterprise.verizon.com/resources/reports/dbir/2019/results-and-analysis/) found that **94% of malware** was delivered via email, and one-third of all breaches involved manipulation of employees via phishing attacks. Further, it showed that _one-third of all cyber-attacks are attributable to phishing scams_, and the number jumps to 78% if one includes cyber-espionage attacks. Also, human errors caused **85% of data breaches**, and _61% of breaches involved leaked credentials_. One such case was discovered by a security researcher at the Akamai organization who spotted a [phishing scam in which Netflix customers were asked](https://www.smh.com.au/business/consumer-affairs/netflix-customers-urged-to-be-vigilant-as-high-quality-email-scam-circulates-20190129-p50udt.html) for payment details, for example, by embedding an advertised tweet that redirected users to a genuine-looking PayPal login page. Another phishing instance involved an email that appeared to be from United Parcel Service Inc. (UPS) with an alleged tracking link that motivated **21% of the users** to reply to it. Such incidents keep emphasizing how vital [phishing awareness training](/products/phishing-awareness-training/) is, which can _help employees be aware of an attempt to trick them_.

[Another report](https://www.mimecast.com/state-of-email-security/) revealed that phishing attacks are the most widespread and have **risen by 63%** since the pandemic.

In essence, without a state-of-the-art training strategy, _employees cannot be capable of detecting and thwarting such phishing and social engineering attempts_.

### Final Words

![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2021/09/phishing-attack-prevention-6715.jpg) 

The problem with [Outlook phishing emails](/blog/o365-phishing-attack-organization-pay-attention-to-microsoft/) sent by IDNs is that _the recipient cannot distinguish between the fake and the actual email addresses_ and can view a legitimate contact’s contact card. External sender email alerts and email signing **security features** are also steps organizations should take to deter phishing attacks, besides preparing employees with the best training sessions.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

