Why a Letter Isn’t Always What It Seems: Understanding Homoglyphs in Cybersecurity
Why a Letter Isn’t Always What It Seems: Understanding Homoglyphs in Cybersecurity
Introduction
In cybersecurity, not everything is as it appears. A single character can be the difference between safety and a data breach. Homoglyphs are characters that look nearly identical but have different underlying codes; these are a subtle but powerful tool for attackers. From phishing emails to spoofed domains, homoglyph attacks exploit human trust in what we see on screen.
In this blog, we’ll break down what homoglyphs are, how they’re used in real-world attacks, and most importantly how to detect and prevent them.
What Are Homoglyphs?
A homoglyph is a character that visually resembles another character but comes from a different script or has a different Unicode value.
For example:•
- Latin “a” (U+0061) vs. Cyrillic “а” (U+0430)
- Latin “O” vs. Cyrillic “О”
- Number “0” vs. letter “O”
- Lowercase “l” vs. uppercase “I”
On most screens, they look identical. To a human eye, the difference is invisible. But to a Computer, they’re entirely different symbols.
What Are Homoglyphs?
| Character Type | Legitimate Character | Look-Alike Homoglyph | Unicode Value | Example in Use |
|---|---|---|---|---|
| Latin vs Cyrillic | Latin “a” (a) | Cyrillic “а” (а) | U+0061 vs U+0430 | apple.com vs аpple.com |
| Latin vs Cyrillic (O) | Latin “o” (o) | Cyrillic “о” (о) | U+006F vs U+043E | google.com vs gоogle.com |
| Digit vs Letter | Number “0” (0) | Uppercase “O” (O) | U+0030 vs U+004F | m0ney.com vs money.com |
| Lowercase vs Uppercase | Lowercase “l” (l) | Uppercase “I” (I) | U+006C vs U+0049 | link.com vs Iink.com |
| Accented Characters | Latin “e” (e) | Latin “é” (é) | U+0065 vs U+00E9 | resume.com vs résumé.com |
| Special Symbols | Hyphen-minus (-) | En dash (–) / Em dash (—) | U+002D vs U+2013 / U+2014 | my-site.com vs my–site.com |
How Attackers Use Homoglyphs
1. Phishing and Spoofing
Attackers replace characters in URLs to create fake domains that look legitimate.
Example: yahoo.com vs. yаhoo.com (where the “a” is Cyrillic).
2. Domain Name Spoofing
Fake websites harvest login credentials or financial details from unsuspecting users.
3. AI Text Evasion
Homoglyphs can be inserted into generated text to evade detection systems, making it harder to flag malicious AI-generated content.
How to Protect Yourself
- Hover over links: Always check where a link leads before clicking.
- Use browser protections: Browsers have built-in defences against homoglyph domains.
- Scrutinize URLs: Watch for unusual characters, dots, or accents.
- Enable Safe Links: Services like Microsoft’s Safe Links add an extra security layer.
- Stay aware: Awareness is the first line of defence.
Detecting & Preventing Homoglyph Attacks
Detection Tools
- Domain Monitoring: Track for lookalike domains targeting your brand.
- Source Code Scanning: Use Unicode-aware scanners to catch homoglyphs in variable names or code.
- Font-Aware Diffing: Visual comparison tools highlight character swaps in codebases.
Prevention Methods
- Normalize Input: Standardize Unicode characters to avoid trickery.
- URL & Email Filtering: Block known homoglyph variants.
- Security Policies: Apply Sub Resource Integrity (SRI) and strong Content Security Policies (CSP).
- Use Punycode for IDNs: Makes hidden Unicode characters visible in URLs.
Homoglyph attacks may seem like a small trick, but they’re a favourite weapon of cybercriminals because of their simplicity and effectiveness. One swapped character can be the difference between security and compromise. Combining awareness with the right tools, you can drastically reduce your exposure to homoglyph-based attacks.
Remember: If something looks off, it probably is. In cybersecurity, details matter.
