What is a homoglyph attack? Explained

ByCraig Haley

Cyber crooks have plenty of tricks up their sleeves when it comes to deceiving victims, and one such technique is the homoglyph attack which is used to disguise the fact that a person has landed on a spoof website masquerading as the legitimate site of a known brand.

First, what is a homoglyph? It’s one of a pair of characters (or glyphs) that appear extremely similar to each other, but have different uses.

While all the letters in the standard English (Latin) alphabet and standard Arabic numeral system (0-9) look different and are unlikely to be confused with one another (with the possible exception of O and 0) when we also take into account characters from different languages (that often use the Cyrillic script) the result is a many number of homoglyph pairs.

What is a homoglyph attack?

This is when cyber-crooks take advantage of these similarities to create fake web domains that may appear to be legitimate but are completely fake and controlled by the crooks. For example, in the past a person could have landed on аррӏе.com which appears to be the official website for Apple. Only it isn’t, because the domain actually contains Cyrillic characters that look like the letters they’re impersonating. (If you don’t believe us, copy and paste it into your web address bar and see if you go to the Apple website or somewhere else! 😉 )


Sponsored Content. Continued below...




You can’t have Cyrillic letters in web addresses (URLs) but crooks would – in the past – exploit a security flaw in Internet browsers that would force them to convert certain special commands to Cyrillic letters automatically, creating the above illusion.

So for example we could create thаtѕnοnѕenѕe.com – which contains Cyrillic ‘a’ ‘s’ and ‘o’ characters. (Again – try copying and pasting the address into your browser and you’ll see it’s not real.) In the past we could use a web address with a series of special commands – http://xn--thatsnnene-jvi1zc.com/ – to forward victim’s to the fake address, and the browser would show thаtѕnοnѕenѕe.com (fake) in the address bar when that would not – in fact – be the official thatsnonsense.com domain.

In 2017 these types of attacks became less common after most modern web browsers fixed this flaw and stopped converting the domains to show Cyrillic characters, meaning if we did register the http://xn--thatsnnene-jvi1zc.com/ domain today, it would not convert to the fake thаtѕnοnѕenѕe.com equivalent.

However, homoglyph attacks can still occur. In 2021 Microsoft removed a number of domains using similar techniques to trick victims. So it always pays to check the URL address that little bit more carefully.

Keep up-to-date with all our latest articles. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)