Homoglyph Phishing Attack: Don’t Let Your Eyes Fool You | Homoglyph attacks explained

A homoglyph with two or more graphemes, characters, or glyphs with shapes that appear identical or cannot be distinguished by quick visual inspection.

That is, two characters that, at first glance, could seem the same but, in reality, are very different. Some of the most basic examples of homoglyphs are found between the capital letter i (I) and the lowercase letter ele (l) in certain fonts or the capital letter o (O) and zero (0).

If we showed you these characters (IOl0) separately in a text, would you be able to distinguish which is which? This is just a simple example of a homoglyph . But we upped the ante and added characters in other alphabets, such as Cyrillic, Armenian, Hebrew, or Greek, that match the shape of characters in the Latin alphabet.

Cybercriminals are already using it to trick users into the names of domains they think they are visiting

At a visual level, the user would see that in the address bar of his browser appears, for example, the legitimate domain of PayPal, when in reality he would be visiting “РayРal” a false domain that uses the character “Р” of the very similar Cyrillic alphabet . to the Latin letter P, but it is impossible to differentiate.

Both characters appear identical to users, but at the computer level, both characters have different encodings, so if a cybercriminal registers a domain in which Cyrillic characters are used to emulate Latin ones, it would be totally different from the original and would have all the security certificates, although they are visually identical to the user .

This cancels two of the tricks that users used to detect phishing at a stroke : the suitability of the domain, which in this case coincides 100% visually with the original; and the HTTPS prefix, since the page, although fraudulent, has all the security certificates since its domain is legitimate .

Research Websites

A good method to discover if it is a legitimate website is to view the certificate information to see who it has been issued to. Just click on that padlock and on the Certificate option to check if it has really been granted to the company that it claims to be. Be wary if the company name appears in this certificate or in the domain name in the URL with minor variations such as appleid.apple.com or signpaypal.paypal.com .


In the most extreme cases, forms have been detected on these fraudulent pages in which the user is even asked to attach a selfie to their credit card or to their identity card or passport. The objective behind the collection of such amount of data is not only to steal the user’s credentials , but also to seek to impersonate their identity to request loans or banking services in your name.