What Are “Homoglyph” Attacks?

As the phrase is becoming more widely used, it seems worthwhile to explain exactly what “homoglyph attacks” are. It is perhaps a bit extreme to call them “attacks”, as they are really a means of deception, used especially in phishing attacks.

It boils down to using “lookalike” letters to create something that looks like a trusted name (for example, “port.ac.uk”) yet isn’t (for example, “Ꮲοrt.ɑⅽ.υk”, which was deliberately created to look bad). If a homoglyph is used within a clickable link, for example, you could naively check the link and it would appear to lead to a trusted web site, when in fact you would be talking to a completely separate site.
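To see what is actually inside such a name, the following added example (not part of the original post) lists the non-ASCII characters in a hostname and checks whether it folds to a trusted name. The trusted list, the tiny lookalike table and the `example.org` sample are constructed for illustration and cover only the characters in the example above.

```python
import unicodedata

TRUSTED = {"port.ac.uk"}  # the trusted name used in the post

# Constructed, deliberately tiny lookalike table: only the characters in the
# post's example. A real check would load Unicode's confusables data instead.
LOOKALIKES = {"Ꮲ": "p", "ο": "o", "ɑ": "a", "ⅽ": "c", "υ": "u"}


def non_ascii(host):
    """List (character, code point, Unicode name) for every non-ASCII character."""
    return [(ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
            for ch in host if ord(ch) > 127]


def skeleton(host):
    """Fold a hostname to the plain-ASCII name it visually resembles."""
    # NFKC first, so compatibility characters collapse to their base letters.
    folded = unicodedata.normalize("NFKC", host.strip().rstrip("."))
    return "".join(LOOKALIKES.get(ch, ch) for ch in folded).lower()


def classify(host):
    """Return 'trusted', 'lookalike' or 'unrelated' for a hostname."""
    plain = host.strip().rstrip(".")
    if plain.isascii() and plain.lower() in TRUSTED:
        return "trusted"
    # Not byte-for-byte trusted, but it reads as a trusted name: a homoglyph.
    if skeleton(host) in TRUSTED:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Sample inputs: the two names from the post plus one constructed control.
    for host in ("port.ac.uk", "Ꮲοrt.ɑⅽ.υk", "example.org"):
        print(f"{host!r}: {classify(host)}")
        for ch, cp, name in non_ascii(host):
            print(f"    {ch}  {cp}  {name}")
```

Running it prints the code point and Unicode name of each substituted character, which is the detail a visual check of the link cannot show.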

It should be noted that we are partially protected because JANET or Jisc won’t accept just any registration within .ac.uk and certainly won’t accept anything that looks like “port”.

But it is a significant problem, and the technique is commonly used by scammers undertaking phishing attacks.
