Introduction
Some people have a fantastic sense of noticing things and a pristine attention to details. This can be both a blessing and a curse. Sometimes it can be tiring to always notice every little detail but also it can save you from making some mistakes or even getting hacked - because that’s the kind of attention that can be your saving grace in a homograph attack! The rest of us can just cross our fingers and hope we won't have to deal with one, because I guarantee you, that kind of attention is for the fine eye only.
Definition
Homographic characters means that the Latin letters are replaced by different character sets, like Cyrillic, Greek, or other Unicode characters, which look almost identical to Latin letters, similar and yet different. This type of spoofing attack is also known as script spoofing.
A homograph attack is actually a type of phishing attack based on using similar characters to pretend to be something it’s not. These attacks are based on international domain names (IDN) and can be unrecognisable from the domains they are spoofing.
Understanding homograph attacks
The whole purpose is to trick users into thinking they are visiting a legitimate website, or that they received a legitimate email when actually they are directed to a malicious website controlled by the attacker
These kinds of attacks are particularly sneaky because they use human perception and the way we visually process domain names, making it difficult for users to distinguish between legitimate and malicious URLs.
This type of attack can be used for all sorts of bad purposes, like phishing for personal information like usernames, passwords, financial details or spreading malware.
Here’s an example:
- The Latin "a" (U+0061) and the Cyrillic "а" (U+0430) look very similar but are different characters.
- A malicious actor might register a domain like "раypal.com" (with the first letter being Cyrillic), which looks very much like the legitimate "paypal.com."
Conclusion
No matter how hard, it is still possible to stay safe online. Spread awareness, use a secure browser, regularly update your software, enable 2FA wherever possible and filter your emails. And these are just a few ways of how you can keep your digital navigation safe.
Remember to be vigilant, stay informed, and always be secure online!