Homograph Attack

Homograph Attack Definition

A homograph attack (also known as an IDN homograph attack, homoglyph attack, or script spoofing) is a spoofing technique that uses lookalike characters to imitate a legitimate name. It can appear in a domain name, email address, username, or file name. Its purpose is to make a fake source seem trustworthy, often as part of phishing, malware delivery, or credential theft.

How a Homograph Attack Works

A homograph attack usually works by changing just one character in a familiar name. The attacker may use a letter from another alphabet, a number instead of a letter, or two characters arranged to look like one. Because the change is small, many people miss it. If they click the link, open the file, or reply to the message, they may end up on a fake site, download malware, or give away sensitive information.

How IDNs and Punycode Enable Homograph Attacks

Some homograph attacks involve Internationalized Domain Names (IDNs), which let web addresses use characters from writing systems other than the basic Latin alphabet. These writing systems include Cyrillic, Greek, Arabic, and others. This is possible because of Unicode, the standard that stores and displays characters from many languages.

Punycode is the encoded form used to represent those characters in a format that the domain name system (DNS) can process. Domains written in Punycode often begin with xn--. A web address may look normal in the browser, but its Punycode form can show that it isn't the domain it seems to be.
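As an added illustration (not code from the original page), the Python sketch below decodes xn-- labels back to Unicode and flags labels whose letters come from more than one script or from outside Latin. The function names, the `.test` sample hosts, and the script heuristic based on Unicode character names are assumptions made for this example.

```python
import unicodedata

def to_unicode(label: str) -> str:
    """Decode one DNS label; labels starting with xn-- carry Punycode."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label  # malformed encoding: leave the label as typed
    return label

def scripts_in(label: str) -> set:
    """Approximate each letter's script from the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def inspect_host(host: str) -> dict:
    """Report the decoded name and which labels mix scripts or leave Latin."""
    decoded, mixed, non_latin = [], [], []
    for label in host.rstrip(".").split("."):
        text = to_unicode(label)
        found = scripts_in(text)
        decoded.append(text)
        if len(found) > 1:          # e.g. Latin and Cyrillic in one label
            mixed.append(text)
        if found - {"LATIN"}:       # any letter from outside the Latin script
            non_latin.append(text)
    return {"ascii": host, "unicode": ".".join(decoded),
            "mixed_script": mixed, "non_latin": non_latin}

def sample_hosts() -> list:
    """Constructed samples, not real sites: Cyrillic U+0430 replaces Latin 'a'."""
    lookalike = "ex\u0430mple".encode("punycode").decode("ascii")
    return ["example.test", "xn--" + lookalike + ".test"]

if __name__ == "__main__":
    for h in sample_hosts():
        print(inspect_host(h))
```

A name written entirely in one non-Latin script appears only under `non_latin`, which is also what a legitimate IDN looks like, so that flag is a prompt to compare the name against the expected domain rather than a verdict.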

How to Spot and Prevent a Homograph Attack

FAQ

No. Phishing is a scam that tries to get someone to click a link, open a file, or share personal information. A homograph attack is just one of the methods used to help make that scam seem more convincing.

Typosquatting uses common typing mistakes, like a missing letter, an extra letter, or letters in the wrong order. A homograph attack is different because the name may appear correct even when it isn't. Both use a similar-looking name to mislead people, but typosquatting depends on typing errors, while a homograph attack depends on visual tricks.

Yes. The attack is malicious by definition because it's meant to deceive someone, but the characters themselves aren't harmful. Many writing systems use lookalike characters in normal ways. The issue starts when someone misuses them to copy a trusted name.

No. The risk can be lowered, but it can’t be removed fully in every situation. Updated browsers, careful habits, and security tools can help stop many of these attacks.
