Homograph / IDN Attack
An attack that uses Unicode characters visually identical to standard Latin letters to register domain names that look exactly like legitimate ones.
Also known as: IDN homograph attack, Unicode domain spoofing, punycode attack
Last reviewed: 10 June 2026
Internationalised Domain Names (IDNs) allow domains to contain non-ASCII characters from scripts like Cyrillic, Greek, and Latin Extended. Many of these characters look identical to common English letters in most fonts. An attacker can register a domain where, for example, the Cyrillic 'a' replaces the Latin 'a', producing a URL that appears identical to the real site to the human eye.
Browsers address this in part by showing the underlying 'punycode' form of the name (an ASCII encoding whose labels begin with 'xn--') in some contexts, but many users never notice. The result is that even a careful consumer who reads the URL bar may be fooled.
Use a password manager that matches credentials to the exact registered domain — it will not autofill on a lookalike domain. Keep browsers updated as vendors continually improve homograph detection.
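The character substitution and the 'xn--' form described above can be checked mechanically. The following is an added example, not part of the original entry: it decodes each label of a hostname, derives the scripts in use, and flags labels that mix scripts. The function names, the script heuristic (first word of the Unicode character name) and the sample hostnames are assumptions made for illustration.

```python
import unicodedata

def char_script(ch):
    # Heuristic (assumption of this sketch): the first word of the Unicode
    # character name is the script, e.g. "CYRILLIC SMALL LETTER A".
    if not ch.isalpha():
        return "COMMON"  # digits, hyphen, combining marks
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def to_unicode(label):
    """Decode an 'xn--' (punycode) label to Unicode; pass others through."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def inspect_host(host):
    """Return one finding per DNS label of host."""
    findings = []
    for raw in host.rstrip(".").split("."):
        uni = to_unicode(raw)
        ace = uni.encode("idna").decode("ascii")  # built-in IDNA 2003 codec
        scripts = sorted({char_script(c) for c in uni} - {"COMMON"})
        if len(scripts) > 1:
            verdict = "mixed-script"       # e.g. Latin with one Cyrillic letter
        elif uni.isascii():
            verdict = "ascii"
        else:
            verdict = "single-script-idn"  # may be a legitimate IDN
        findings.append({"unicode": uni, "ace": ace,
                         "scripts": scripts, "verdict": verdict})
    return findings

def is_suspicious(host):
    return any(f["verdict"] == "mixed-script" for f in inspect_host(host))

# Constructed sample hostnames (reserved .test TLD), not real domains.
SAMPLES = [
    "example.test",
    "ex\u0430mple.test",        # Cyrillic U+0430 in place of Latin 'a'
    "ex\u03b1mple.test",        # Greek alpha U+03B1 in place of Latin 'a'
    "\u0430\u0440\u0435.test",  # all-Cyrillic label
]

if __name__ == "__main__":
    for host in SAMPLES:
        for f in inspect_host(host):
            print(f["ace"], f["scripts"], f["verdict"])
```

A label written entirely in one non-Latin script (the last sample) is not mixed-script, so this check reports it only as an IDN; telling a legitimate one from a whole-script lookalike needs a confusable-character table in addition.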
Examples
- A phishing site uses Cyrillic characters to register a domain visually identical to a major bank's address; users see no difference in the address bar.
- A fake cryptocurrency exchange uses a lookalike domain where one character is from the Greek alphabet.