Many domain name extensions support internationalized domain names (IDNs), i.e. including characters other than Latin characters (a-z, 0-9 and “-“). These include, for example, letters with accents, or the Vietnamese, Cyrillic or even Chinese alphabets.
To be readable by the Internet network and DNS servers, all internationalized domain names have a “punycode” equivalent: a domain name starting with “xn--“.
In the vast majority of cases, it is very easy to identify these IDNs, when the domain name is entirely composed of them, or when the alphabet is obviously not Latin. That is the case of the domain name <스타벅스.com>, in Korean characters, used by the coffee chain for its local website. Its punycode is “xn--ik3bz5iba065l.com”.
But used improperly and attached to Latin characters, they can present a significant risk for consumers.
A dramatic upsurge was noticed in domain names containing underdots, especially when a cyberquatter registered ạirfrance.com. Within a URL, usually underlined, the difference between this domain name and airfrance.com, the official domain name of the airline, is hardly noticeable. A fake contest had been created with the aim of collecting personal data, and many consumers were defrauded.
Small caps or Cyrillic characters can be even more confusing. In 2017, IKEA filed a complaint with the WIPO against the domain name <ıĸea.com>.
Another example: at first glance the domain names and <gооgle.com> are strictly identical. However, if the first is indeed the main domain name of the global search engine, the second contains two letters ‘о’ of the Cyrillic alphabet.
google.com (punycode: google.com)
gооgle.com (punycode: xn--ggle-55da.com)
The risk of internationalized domain names is therefore that of being perfectly indistinguishable from the domain names used by trademark holders.
In the context of phishing campaigns, they are particularly effective in deceiving consumers, since the usual advice to verify the sender of emails received or to verify the link to click, is completely ineffective.
It is therefore strongly recommended that trademark owners register variations of their names in IDN, for purely defensive purposes. It is also essential to have a domain name monitoring in place that covers IDNs, in order to can act as soon as a threat is detected.