Homoglyph Substitution

Replaces characters with visually similar ones (e.g., "l" with "1", "o" with "0", or Cyrillic lookalikes). Substitutions of this kind are very hard to spot visually.

How It Works

Homoglyph attacks replace characters with visually identical or nearly identical characters from different character sets. For example, the Latin "a" and the Cyrillic "а" look identical but have different Unicode code points. Similarly, "l" (lowercase L), "1" (one), and "I" (uppercase i) are visually similar. A domain built from such substitutions can be virtually impossible to distinguish from the genuine one by eye.

Real-World Examples

  • аpple.com (using Cyrillic "а" instead of Latin "a") — demonstrated in IDN homograph attacks
  • paypa1.com (using "1" instead of "l")
  • rnicrosoft.com (using "rn" to mimic "m")

Prevention Tips

  • Register IDN (Internationalized Domain Name) variants of your brand with common Cyrillic substitutions.
  • Modern browsers display IDN domains in punycode (xn--) format to warn users.
  • Implement email filtering rules that detect homoglyph domains in phishing emails.
  • Use the full scan to identify all possible homoglyph combinations for your domain.
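The following is an added example (not part of this page or of the scanner it describes) showing the defensive side of "How It Works" and the email-filtering tip above: it reduces a domain label to an ASCII "skeleton" so that lookalike spellings collide with the brand they imitate, flags labels that mix scripts, and renders the punycode form a browser would fall back to. The confusables table and the sender addresses are constructed for the example; a real deployment should load the Unicode Consortium's confusables.txt instead of a hand-written subset.

```python
import unicodedata

# Constructed subset of visually confusable characters mapped to the ASCII
# character they imitate. Production code should load Unicode's confusables.txt.
CONFUSABLE_CHARS = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0443": "y",  # Cyrillic small u
    "\u0445": "x",  # Cyrillic small ha
    "\u0456": "i",  # Cyrillic small Byelorussian-Ukrainian i
    "\u03b1": "a",  # Greek small alpha
    "\u03bf": "o",  # Greek small omicron
    "1": "l",       # digit one for lowercase L
    "0": "o",       # digit zero for lowercase o
}

# Multi-character sequences that read as a single letter at a glance.
CONFUSABLE_SEQUENCES = {"rn": "m", "vv": "w", "cl": "d"}


def skeleton(label: str) -> str:
    """Reduce a domain label to an ASCII skeleton so lookalike spellings collide."""
    text = unicodedata.normalize("NFKC", label).casefold()
    text = "".join(CONFUSABLE_CHARS.get(ch, ch) for ch in text)
    for seq, repl in CONFUSABLE_SEQUENCES.items():
        text = text.replace(seq, repl)
    return text


def scripts_in(label: str) -> set:
    """Return the Unicode scripts (first word of each letter's character name) used in a label."""
    found = set()
    for ch in label:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def is_mixed_script(label: str) -> bool:
    """True when a single label draws letters from more than one script (e.g. Latin + Cyrillic)."""
    return len(scripts_in(label)) > 1


def to_punycode(domain: str) -> str:
    """Render a domain as a browser's punycode fallback would show it (xn-- labels)."""
    return domain.encode("idna").decode("ascii")


def assess(domain: str, protected_brands: list) -> dict:
    """Assess one domain against a list of protected second-level brand labels."""
    parts = domain.lower().split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    sk = skeleton(label)
    lookalike = next(
        (b for b in protected_brands
         if skeleton(b) == sk and b.casefold() != label.casefold()),
        None,
    )
    mixed = is_mixed_script(label)
    return {
        "domain": domain,
        "punycode": to_punycode(domain),
        "skeleton": sk,
        "mixed_script": mixed,
        "lookalike_of": lookalike,
        "suspicious": lookalike is not None or mixed,
    }


def flag_senders(addresses: list, protected_brands: list) -> list:
    """Email-filter style pass: return the sender domains that look like a protected brand."""
    flagged = []
    for addr in addresses:
        domain = addr.rsplit("@", 1)[-1]
        verdict = assess(domain, protected_brands)
        if verdict["suspicious"]:
            flagged.append(verdict["domain"])
    return flagged


# Constructed sample From: addresses, including the three examples on this page.
SAMPLE_SENDERS = [
    "billing@apple.com",
    "support@\u0430pple.com",      # Cyrillic "а" in place of Latin "a"
    "alerts@paypa1.com",           # "1" in place of "l"
    "security@rnicrosoft.com",     # "rn" mimicking "m"
    "news@example.org",
]
PROTECTED = ["apple", "paypal", "microsoft"]

if __name__ == "__main__":
    for addr in SAMPLE_SENDERS:
        print(assess(addr.rsplit("@", 1)[-1], PROTECTED))
    print("flagged:", flag_senders(SAMPLE_SENDERS, PROTECTED))
```

Because both the candidate domain and the protected brand go through the same skeleton function, a sequence rule that over-collapses a legitimate name (for example "cl" inside "oracle") still produces a consistent match on both sides. The mixed-script check catches substitutions that the table does not list, which is why the two signals are combined rather than relying on the confusables map alone.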

Related Techniques