Homograph attacks are cyberattacks in which the attacker creates a URL that mimics that of a legitimate website to trick users into visiting it instead. They can also involve creating fraudulent files and posing as a trustworthy sender.
These attacks aim to deceive victims into using the fraudulent link or accepting the malicious files without a second thought. They range in complexity, from ones that users can easily spot to more advanced ones that even trained eyes can miss.
One type of homograph attack involves swapping a single letter in the URL for a look-alike character from another alphabet, such as a Cyrillic letter in place of a Latin one. This can fool the average user but is obvious to the cybersecurity expert.
The kind of homograph attack that can pose a tough challenge even for experts is one based on IDNs (internationalized domain names). These are harder to distinguish from legitimate domains.
How to stay safe from a homograph attack
- Ensure your browser is always up-to-date because most homograph attacks flow through browsers.
- If a website isn’t using HTTPS with a valid SSL/TLS certificate, do not submit any data to it. Also, ensure the certificate was issued by a trustworthy certificate authority.
- Avoid clicking on messages, links, attachments, or starting downloads without first verifying the link’s legitimacy. A great way to check this is to enter the site’s URL on Google to see what results it brings.
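
As an added example (not part of the original article), the Python sketch below checks a hostname for the two cases described above: a single swapped letter that mixes alphabets inside one label, and an IDN label written entirely in look-alike letters. The look-alike map, the function names, the trusted list and the `.example` hostnames are assumptions constructed for illustration.

```python
import unicodedata

# Partial, hand-picked map of Cyrillic letters that render like Latin ones
# (constructed for this example; Unicode's confusables data is far larger).
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j",
}

def scripts_in(label):
    """Scripts used in a label, taken from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(label):
    """Replace known look-alike letters with the Latin letter they resemble."""
    return "".join(CYRILLIC_LOOKALIKES.get(ch, ch) for ch in label)

def to_ascii(label):
    """ASCII (punycode) form of one label; IDNA normalization is skipped here."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def check_hostname(hostname, trusted):
    """Return a list of findings; an empty list means nothing was flagged."""
    host = hostname.lower().rstrip(".")
    labels = host.split(".")
    findings = []
    for label in labels:
        scripts = scripts_in(label)
        if len(scripts) > 1:  # e.g. one Cyrillic letter inside a Latin word
            findings.append(f"mixed scripts in '{to_ascii(label)}': {sorted(scripts)}")
    folded = ".".join(skeleton(label) for label in labels)
    if host not in trusted and folded in trusted:  # looks like a trusted name, but is not it
        real = ".".join(to_ascii(label) for label in labels)
        findings.append(f"imitates {folded}; actual name is {real}")
    return findings

if __name__ == "__main__":
    trusted = {"example.com", "pay.example"}  # constructed allowlist
    samples = ["example.com", "ex\u0430mple.com", "\u0440\u0430\u0443.example"]
    for name in samples:
        print(ascii(name), check_hostname(name, trusted) or "ok")
```

The third sample has no mixed-script label, so only the comparison against the trusted list catches it, which is why whole-label IDN look-alikes are the harder case.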