Homograph Attacks - The Illusion of Trust

A homograph attack uses look-alike characters from different scripts to mimic trusted domains, making phishing harder to spot
A homograph attack uses characters from scripts like Cyrillic or Greek that look almost identical to Latin letters. This lets attackers create fake domains that closely resemble legitimate ones. Often used in phishing these attacks exploit subtle visual differences, making them difficult to detect.

Introduction 

Some people have a fantastic knack for noticing things and a keen attention to detail. This can be both a blessing and a curse. Sometimes it is tiring to notice every little detail, but it can also save you from making mistakes or even getting hacked, because that is exactly the kind of attention that can be your saving grace in a homograph attack! The rest of us can just cross our fingers and hope we won't have to deal with one, because I guarantee you, that kind of attention is for the fine eye only.

Definition 

Homographic characters are characters from other character sets, such as Cyrillic, Greek, or other Unicode scripts, that look almost identical to the Latin letters they replace: similar, yet different. This type of spoofing attack is also known as script spoofing.

A homograph attack is actually a type of phishing attack that uses look-alike characters to pretend to be something it is not. These attacks rely on internationalized domain names (IDN) and can be visually indistinguishable from the domains they are spoofing.

Understanding homograph attacks 

The whole purpose is to trick users into thinking they are visiting a legitimate website, or that they received a legitimate email, when in fact they are being directed to a malicious website controlled by the attacker.

These kinds of attacks are particularly sneaky because they exploit human perception and the way we visually process domain names, making it difficult for users to distinguish between legitimate and malicious URLs.

This type of attack can be used for all sorts of bad purposes, like phishing for personal information such as usernames, passwords and financial details, or spreading malware.

Here’s an example:

  • The Latin "a" (U+0061) and the Cyrillic "а" (U+0430) look very similar but are different characters.
  • A malicious actor might register a domain like "раypal.com" (with the first letter being Cyrillic), which looks very much like the legitimate "paypal.com."
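As an added example (not part of the original article), here is a small Python check that makes the difference visible: it lists each character's code point, flags domain labels that mix scripts, and shows the IDNA (Punycode) form that the DNS actually sees. The spoofed domain is constructed here by swapping the "a" in paypal.com for the Cyrillic "а" (U+0430) from the first bullet; the one-script-per-label rule is a simplified version of the checks browsers apply, not an exact reproduction of any browser's policy.

```python
import unicodedata

# Code points contrasted in the article: Latin "a" and Cyrillic "а".
LATIN_A = "\u0061"
CYRILLIC_A = "\u0430"

# Constructed sample: paypal.com with its "a" replaced by Cyrillic а (U+0430).
LEGIT_DOMAIN = "paypal.com"
SPOOFED_DOMAIN = "p" + CYRILLIC_A + "ypal.com"

# First word of the Unicode name for script-neutral characters: digits, ".", "-".
COMMON = {"DIGIT", "FULL", "HYPHEN-MINUS"}


def script_of(ch: str) -> str:
    """Approximate a character's script from the first word of its Unicode name.
    unicodedata has no Script property, so 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'."""
    first = unicodedata.name(ch, "UNKNOWN").split()[0]
    return "COMMON" if first in COMMON else first


def describe(domain: str) -> list[tuple[str, str, str]]:
    """Per-character (char, U+XXXX, name) view, which the address bar never shows."""
    return [(ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN")) for ch in domain]


def mixed_script_labels(domain: str) -> list[str]:
    """Return the dot-separated labels that mix more than one script.
    An all-Cyrillic label is legitimate; Latin and Cyrillic letters in one label is
    the classic homograph pattern."""
    flagged = []
    for label in domain.split("."):
        scripts = {script_of(ch) for ch in label} - {"COMMON"}
        if len(scripts) > 1:
            flagged.append(label)
    return flagged


def to_ascii(domain: str) -> str:
    """IDNA-encode the domain: a non-ASCII label becomes an 'xn--' Punycode label."""
    return domain.encode("idna").decode("ascii")


if __name__ == "__main__":
    for domain in (LEGIT_DOMAIN, SPOOFED_DOMAIN):
        print(domain, "->", to_ascii(domain), "| mixed-script labels:", mixed_script_labels(domain))
        for ch, cp, name in describe(domain):
            if script_of(ch) not in ("LATIN", "COMMON"):
                print("   look-alike:", ch, cp, name)
```

Run it and the spoofed name prints with an "xn--" label and the Cyrillic а called out by code point, while paypal.com passes both checks unchanged.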

Conclusion 

No matter how hard it seems, it is still possible to stay safe online. Spread awareness, use a secure browser, regularly update your software, enable 2FA wherever possible and filter your emails. These are just a few of the ways you can keep your digital navigation safe.

Remember to be vigilant, stay informed, and always be secure online!