English 
Русский 
简体中文 
Português do Brasil 
Français 
Español 
Türkçe 
Polski 
Tiếng Việt 
한국어 
Nederlands 
Italiano 
日本語 
Eesti 
Čeština 
മലയാളം 
Bahasa Melayu 
हिन्दी 
اردو 
Bahasa Indonesia 
Safe WebHomograph attack is a type of attack that involves the use of homographs, which are words that have the same spelling but a different meaning, in order to trick a user into divulging sensitive information. The technique involves displaying one of the homographs while disguising a different one in its place, often through the use of special characters in the place of one of the letters or of the word itself. It is designed to take advantage of the human perception that words with the same spelling have the same meaning, and is commonly used in phishing scams.
The term “homograph attack” first appeared in the context of computer security in the late 1990s. Since then, homograph attacks have become a major security concern with increasing use of online communication among different regions and cultures.
In a homograph attack, the attacker creates a domain name or website link that appears to be legitimate, but is in fact illegitimate. A website, for example, may appear to be a legitimate business, but is actually hosted on a malicious server. Because of the similarity in spelling, the user may not be aware that the domain name or link is illegitimate. When the user clicks on the link, they are then directed to a malicious website, where they may be tricked into giving up valuable information, such as credit card numbers or personal data.
The most common type of homograph attack is called an ‘IDN homograph attack’, which stands for internationalized domain name. This type of attack involves a domain name which has characters which appear to have a similar effect to those of another language. For example, in a Cyrillic domain, the character for ‘e’ is ‘u0435’, so it may appear the same as an ‘e’ in the Latin script – ‘e’ – to the user. This allows the attacker to register a domain name which appears to be that of a legitimate website, but contains characters from another language.
Homograph attacks can be difficult to detect and fight against, as the domain names or website links can appear legitimate even to the most knowledgeable users. To help prevent such attacks, users should exercise caution when clicking on any unfamiliar hyperlinks or visiting any unfamiliar websites. They should also be aware of the character sets used in different languages, as this can help them detect any suspicious domain names or websites. Additionally, some types of browsers and web services are better equipped to block such attacks, so users should be sure to use the most updated version of their browser or web service.
