What are Homoglyph Attacks and how to avoid them

Homoglyph attacks are not particularly new, but they are becoming increasingly prolific and successful. We discuss how they work and how you can avoid them.

Homoglyphs are two or more characters (e.g. letters) that look very similar. A standard English keyboard, for example, has 26 letters, one for each letter of the alphabet. But because many other languages use letters outside the standard English alphabet, a computer can input a very large number of different characters, many of which look almost identical to one another. Those look-alike characters are homoglyphs.

If you’re using a Windows computer, you can see many of these additional characters by opening the Character Map application.

This is great for those who need to use different characters that don’t belong in the English language, but this is also a feature that is often misused by crooks. Take a look at the image below that was being spread between users across WhatsApp.

Upon a cursory glance, the message appears to direct users to the real Alton Towers website at altontowers.com. However, upon a much closer inspection, you can see a tiny dot above the o. This is a foreign character. The letter o and this character are homoglyphs. You can see that crooks are using these similar looking characters to make a fake web address look legitimate.

In the example above, which promised WhatsApp users 5 free Alton Towers tickets, users who clicked the fake Alton Towers link were directed to a spammy marketing webpage that harvested their personal details and bombarded them with marketing calls, texts and emails. Of course, there were no Alton Towers tickets really on offer, and the website users were directed to (with the foreign ‘o’) had nothing to do with the real Alton Towers.

However, homoglyph attacks can also be used in other types of scams, including phishing attacks. For example, emails that appear to come from PayPal or your bank may try to direct you to a spoof website whose address has been disguised with such homoglyphs to look like the genuine web address.

For example, a phishing email may try to lure you to a web address like ‘www.pɑypal.com’. But that’s not the real PayPal web address. Look at the first ‘a’. It’s different from the second ‘a’ character. The first ‘a’ is a homoglyph of the English letter.
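The check described above can be automated. The Python script below is an added example, not code from the original article: it extracts the hostname from a link, lists every non-ASCII character in it with its Unicode name, shows the `xn--` (punycode) form that the browser actually resolves, and folds a small hand-picked table of look-alike characters back to the ASCII letters they imitate so the host can be compared against a list of trusted domains. The ‘ɑ’ in ‘www.pɑypal.com’ comes from the article; the dotted ‘ȯ’ used for the Alton Towers case, the Cyrillic entries and the `CONFUSABLES` table itself are constructed for this example (a real deployment would use the full Unicode confusables data from UTS #39).

```python
import unicodedata
from urllib.parse import urlsplit

# Hand-picked subset of confusable characters -> the ASCII letter they imitate.
# Constructed for this example; the full list lives in the Unicode UTS #39 data.
CONFUSABLES = {
    "\u0251": "a",  # LATIN SMALL LETTER ALPHA (the 'a' in the article's pɑypal example)
    "\u022f": "o",  # LATIN SMALL LETTER O WITH DOT ABOVE (constructed Alton Towers case)
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
}

def hostname_of(link):
    """Extract the lowercased hostname from a full URL or a bare domain."""
    if "://" not in link:
        link = "http://" + link
    return (urlsplit(link).hostname or "").lower()

def non_ascii_characters(host):
    """List (index, character, Unicode name) for every character outside ASCII."""
    return [(i, ch, unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(host) if ord(ch) > 0x7F]

def to_punycode(host):
    """The wire form a browser resolves; any 'xn--' label means a hidden non-ASCII character."""
    return host.encode("idna").decode("ascii")

def fold_confusables(host):
    """Replace known look-alike characters with the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

def lookalike_of(host, trusted_domains):
    """Return the trusted domain this host imitates, or None if it is genuine or unrelated."""
    folded = fold_confusables(host)
    for trusted in trusted_domains:
        if folded == trusted and host != trusted:
            return trusted
        # A look-alike can also hide behind a subdomain such as www.
        if folded.endswith("." + trusted) and not host.endswith("." + trusted):
            return trusted
    return None

def audit_link(link, trusted_domains=("paypal.com", "altontowers.com")):
    """Summarise everything a reader would want to know before clicking the link."""
    host = hostname_of(link)
    return {
        "host": host,
        "punycode": to_punycode(host),
        "non_ascii": non_ascii_characters(host),
        "imitates": lookalike_of(host, trusted_domains),
    }

if __name__ == "__main__":
    # Sample links: one genuine, two constructed look-alikes.
    for link in ("https://www.paypal.com", "www.p\u0251ypal.com", "altont\u022fwers.com"):
        print(audit_link(link))
```

The punycode line is the most reliable signal: ‘www.pɑypal.com’ becomes ‘www.xn--pypal-0jc.com’, which no amount of font similarity can hide. Modern browsers apply similar rules and show the `xn--` form in the address bar when a label mixes scripts or contains confusable characters, which is one reason typing the address yourself, as the article advises, is safer than following a link.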

Spotting such scams can be difficult, because these characters can look almost identical to their authentic counterparts, but understanding how the scams work is half the battle.

Always remember that clicking on links in messages or emails is inherently risky and should be avoided where possible. Before you click a link, look closely at the web address and check whether anything looks slightly off. If you’re unsure, don’t click. You can always type the web address manually into the address bar if you need to visit a website.