IDN homograph attack

Overview

An IDN (Internationalized Domain Name) homograph attack is a Phishing attack in which a malicious party deceives computer users about which remote system they are communicating with, by exploiting the fact that many different characters look alike.

For example, a regular user of example.com may be lured to click a link where the Latin A is replaced with the Cyrillic A.

Unicode incorporates numerous writing systems, and, for a number of reasons, similar-looking characters such as Greek Ο, Latin O, and Cyrillic О were not assigned the same code point. Their incorrect or malicious use opens the door to security attacks.

The IDN homograph attack is a Security Consideration for Internationalized Domain Names (IDN) and Internationalized Resource Identifiers (IRIs) when they are used within URLs.

The registration of homographic domain names is akin to typosquatting, in that both forms of attack use a name that looks similar to a more established domain to fool a user. The major difference is that in typosquatting the perpetrator relies on natural human typos, while in homograph spoofing the perpetrator intentionally deceives the End-User with visually indistinguishable names.
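A defender can check hostnames for the look-alike characters described above before a link is displayed or allowed. The following Python sketch is an added example, not part of the original page: it reports a hostname's ASCII (Punycode) form, flags labels that mix scripts, and folds known look-alikes to Latin to see whether the name imitates a protected domain. The `CONFUSABLES` table and `PROTECTED` list are small constructed assumptions, and the script detection is a heuristic based on Unicode character names.

```python
import unicodedata

# Constructed subset of look-alike mappings (assumption); production checks
# should load the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}
PROTECTED = {"example.com"}  # hypothetical list of domains to defend


def scripts(label):
    """Approximate the scripts in a label from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(host):
    """Fold known look-alikes to their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host.lower())


def analyze(host):
    """Return the ASCII (Punycode) form and homograph indicators for host."""
    host = unicodedata.normalize("NFC", host).lower()
    labels = host.split(".")
    return {
        "ascii": host.encode("idna").decode("ascii"),
        "mixed_script": [l for l in labels if len(scripts(l)) > 1],
        "imitates": skeleton(host) if host not in PROTECTED
                    and skeleton(host) in PROTECTED else None,
    }


if __name__ == "__main__":
    # Constructed sample hostnames: the second uses Cyrillic U+0430 for "a".
    for sample in ("example.com", "ex\u0430mple.com"):
        print(sample.encode("unicode_escape").decode(), analyze(sample))
```

The mixed-script flag alone misses names written entirely in one non-Latin script, which is why the skeleton comparison against the protected list is reported separately.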
