Overview#

Punycode is defined in RFC 3492 as a way to represent Unicode within the limited character subset of ASCII used for Internet hostnames.

For example, "München" (German name for the city of Munich) would be encoded as "Mnchen-3ya".

Using Punycode, host names containing Unicode characters are transcoded to a subset of ASCII consisting of letters, digits, and hyphen (the Letter-Digit-Hyphen (LDH) subset, as it is called).

Punycode has been used in Phishing Attacks to miss-represent hostnames which are referred to as Homograph attack[2] [3]

More Information#

There might be more information for this subject on one of the following:

• Homograph attack
• Internationalized Domain Name
• Phishing
• RFC 3492

---

• [#1] - Punycode - based on information obtained 2017-06-21
• [#2] - Phishing with Unicode Domains - based on information obtained 2017-05-05
• [#3] - Faking Domain Names with Unicode Characters - based on information obtained 2017-06-21