Homoglyph attack

Replacing a character in a domain with a visually identical one (often a Unicode lookalike) so the URL passes a glance test.

A homoglyph is a character that looks like another character. The Cyrillic "а" looks identical to the Latin "a" on most screens; the digit "0" looks like the letter "O"; "rn" together resembles "m".

Attackers use this in two ways: internally, by substituting one character within an ASCII domain (paypa1.com, micr0soft.com), and externally, with full IDN/Punycode domains using non-ASCII characters that render identically to the real brand.

Browsers warn on most cross-script IDN homographs now, but mixed-script attacks (Cyrillic а inside an English word) and digit/letter substitutions still slip through.

Example
apple.com → аррӏе.com (Cyrillic а, р, ӏ, е)
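
The checks a defender can run against the cases described above, as an added example that is not part of the original page: it flags non-ASCII labels (showing their Punycode form), mixed-script labels, and names whose confusable "skeleton" matches a known brand. The `CONFUSABLES` map, the `BRANDS` list and the function names are constructed for illustration; a production check would load the full Unicode UTS #39 confusables data.

```python
import unicodedata

# Constructed sample map (assumption): covers only the lookalikes named on this page.
# A real deployment would load the full confusables data from Unicode UTS #39.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "0": "o",       # digit zero for letter o
    "1": "l",       # digit one for letter l
}
BRANDS = ["apple.com", "paypal.com", "microsoft.com"]  # constructed allow-list

def scripts(label):
    """Scripts used by the letters of a label, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}

def skeleton(name):
    """Fold a name to a comparison form: 'rn' reads as 'm', lookalikes map to ASCII."""
    folded = name.lower().replace("rn", "m")
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def check(domain, brands):
    """Return a list of findings for a domain compared against known brand domains."""
    domain = domain.lower()
    findings = []
    for label in domain.split("."):
        if not label.isascii():
            # ACE form: what the registry and DNS actually see for this label.
            ace = "xn--" + label.encode("punycode").decode("ascii")
            findings.append(f"non-ASCII label (ACE form {ace})")
        used = scripts(label)
        if len(used) > 1:
            findings.append("mixed scripts: " + ",".join(sorted(used)))
    for brand in brands:
        # Same skeleton but different code points means a visual lookalike.
        if domain != brand and skeleton(domain) == skeleton(brand):
            findings.append(f"lookalike of {brand}")
    return findings

if __name__ == "__main__":
    samples = ["apple.com", "paypa1.com", "micr0soft.com", "rnicrosoft.com",
               "\u0430\u0440\u0440\u04cf\u0435.com", "p\u0430ypal.com"]
    for d in samples:
        print(ascii(d), "->", check(d, BRANDS) or "no findings")
```

The all-Cyrillic label is single-script, so only the skeleton comparison ties it to the brand, while the mixed-script label trips both checks.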