Cybersecurity 101back-iconWhat is Homograph attack?

What is Homograph attack?

A homograph attack is a deception technique where attackers use look-alike characters, domains, or text to make a fake website, email address, or link appear legitimate. In homograph phishing, this trick is used to mislead users into trusting a fraudulent destination that visually resembles a real brand, service, or colleague’s address.

For example, an attacker may register a domain that replaces a Latin character with a similar-looking character from another script. To a busy employee, the fake link may look almost identical to the trusted one, especially on a small screen or inside an email preview.

How homograph phishing works

Homograph phishing relies on visual similarity. Modern domain names can support international characters, which is useful for global languages but can also be abused when characters from different scripts resemble one another.

Attackers often combine this with familiar social engineering tactics: urgency, invoices, password resets, delivery notices, or executive impersonation. The goal is to make the victim click before inspecting the link carefully.

Technique Risk
Look-alike domains Users may enter credentials on a fake login page.
Spoofed sender names Employees may trust fraudulent payment or data requests.
Masked links in email The visible text may hide a suspicious destination.

Why homograph attacks are dangerous

Homograph attacks are dangerous because they exploit human perception, not just technical weakness. Even trained users can miss a single altered character when an email appears to come from a known brand, vendor, or internal team.

These attacks can lead to credential theft, account takeover, business email compromise, malware delivery, and unauthorized access to company systems. In managed environments, tools such as Hexnode can support risk reduction by helping enforce browser controls, device compliance, app restrictions, and secure access policies across endpoints.

How to prevent homograph phishing

Organizations should treat homograph phishing as both a user-awareness issue and a control-design issue.

  • Train users to inspect domains before entering passwords or approving requests.
  • Use email security controls that flag suspicious links, spoofing, and impersonation attempts.
  • Enable multi-factor authentication to reduce the impact of stolen credentials.
  • Restrict access from unmanaged or non-compliant devices.
  • Use password managers, which often refuse to autofill credentials on fake domains.

Security teams should also monitor for look-alike domains that imitate the organization’s brand. Early detection helps reduce the window in which attackers can abuse a fraudulent domain.

What users should check before clicking

Before clicking a link, users should look beyond the display name. Check the actual sender address, hover over links where possible, and avoid entering credentials from email links unless the destination is verified.

If a message creates pressure to act quickly, asks for payment, or requests sensitive data, confirm it through a trusted channel. A short verification step can stop a costly social engineering attack.

FAQs

No. Typosquatting uses misspelled domains, while homograph phishing uses visually similar characters or text to make a fake domain look genuine.

It can be harder on mobile because screens are smaller and apps may shorten URLs. Users should open links only from trusted sources and verify sensitive requests separately.