Cybersecurity: Homograph Attacks

Mon, 11/20/2017 - 4:05pm

The domain you are visiting online, may not actually be the website you were thinking it was. According to The Register homograph attacks, although not new, are still an issue in modern-day web-browsing. This may not be on your radar, but it is definitely something to be aware of as we continue to live in our online world. Here is what you need to know about homograph attacks, and how to protect yourself.

What is a homograph attack?

According to Malwarebytes Labs, “A homograph attack is a method of deception wherein a threat actor leverages on the similarities of character scripts to create and register phony domains of existing ones to fool users and lure them into visiting. This attack has some known aliases: homoglyph attack, script spoofing, and homograph domain name spoofing.” An example of this is using the Latin alphabet to spoof the letters in a common English domain, e.g. or

How does this affect me?

Cybercriminals are using non-English characters to mimic common English domains in order to trick users. Homograph attacks use a fake, yet believable website to lure you in. These sites are created for phishing, fraudulent purposes, or to introduce malware onto your system. The issue is that every browser builder, certificate authority and registrar have global customers – making their systems and you a potential target.

How can I protect myself?

Here are a few tips from Malwarebytes Labs to help protect yourself.

  1. Regularly update your browser (They may be your first line of defense against homograph attacks)
  2. Confirming that the legitimate site you’re on has an Extended Validation Certificate (EVC).
  3. Avoid clicking links from emails, chat messages, and other publicly available content, most especially social media sites, without ensuring that the visible link is indeed the true destination.

It boils down to being aware of what you click on, before you click on it. Always hover over a link before you proceed to click on the link.

To receive more posts like this direct to your inbox, please subscribe.