Homoglyph attack

by Felix Kinaro

A homoglyph attack is one where a website address uses letters or numbers that look alike but are not from the same script. For instance, one may register a domain that looks like apple.com but whose letter 'a' is the Cyrillic 'а' (U+0430) rather than the ASCII letter 'a' (U+0061).
(Image: fake Apple website)

Another trick is to use letters which, when combined, look like those of a genuine site, such as rnicrosoft.com, where 'rn' passes for 'm'.

Web browsers handle text in Unicode, where every character, regardless of the language, has a unique code point. Humans, however, are easily deceived, because the letters look the same regardless of language. Researchers have published various proofs of concept.

With this in mind, a malicious actor can register look-alike domains in order to trick users into supplying sensitive information. This is made trivial by the fact that they can install valid SSL certificates on such domains, making everything look convincing to the user. Phishing emails may also be sent, encrypted with valid certificates, to trick users further.
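As an added defensive example (not code from the original post), a small Python checker that flags both tricks described above: it shows the punycode form a browser actually resolves, detects labels that mix Latin and Cyrillic letters, and folds a short constructed table of confusables so that both аpple.com and rnicrosoft.com map onto a protected brand. The brand list and the confusable table are constructed for illustration and are far from exhaustive.

```python
import unicodedata

# Constructed list of brand domains we want to protect (illustrative values).
PROTECTED_DOMAINS = {"apple.com", "microsoft.com"}

# Constructed, illustrative subset of visually confusable sequences.
# The full reference is Unicode's confusables.txt; this table only covers
# the cases the post mentions plus a few common Cyrillic look-alikes.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u04cf": "l",  # Cyrillic
    "rn": "m", "vv": "w",                                        # ASCII pairs
}


def to_punycode(domain):
    """Encode an internationalised domain the way a browser sends it to DNS."""
    return domain.encode("idna").decode("ascii")


def scripts_in(label):
    """Set of scripts used by the letters of one DNS label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(c, "?").split(" ")[0] for c in label if c.isalpha()}


def skeleton(domain):
    """Fold look-alike forms to a canonical ASCII-ish shape for comparison."""
    s = unicodedata.normalize("NFKC", domain.lower())  # folds e.g. fullwidth letters
    for seq, rep in CONFUSABLES.items():
        s = s.replace(seq, rep)
    return s


def check_domain(domain):
    """Inspect one domain name; empty values in the report mean nothing was found."""
    domain = domain.lower().rstrip(".")
    report = {"punycode": None, "mixed_script_labels": [], "lookalike_of": None}
    if any(ord(c) > 127 for c in domain):
        # Non-ASCII: record what DNS will see and any label mixing scripts.
        report["punycode"] = to_punycode(domain)
        report["mixed_script_labels"] = [
            label for label in domain.split(".") if len(scripts_in(label)) > 1
        ]
    skel = skeleton(domain)
    for brand in PROTECTED_DOMAINS:
        if domain != brand and skel == skeleton(brand):
            report["lookalike_of"] = brand
    return report


if __name__ == "__main__":
    for d in ["apple.com", "\u0430pple.com", "rnicrosoft.com"]:
        print(d, check_domain(d))
```

The skeleton comparison is the same idea as a confusable-skeleton check in an email gateway or certificate-transparency monitor; the punycode form is what to search for in DNS and proxy logs.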

Follow me on Twitter @0xOOOOK