Social engineering continues to be one of the most common cyber-attack strategies. Cybercriminals are constantly evolving their tactics to phish for personal information or to get control of a device. One such tactic is called “homograph” or “homoglyph phishing”.
Visually Deceptive Phishing
Homograph or homoglyph phishing is a method of attack that involves using visually similar characters to spoof legitimate websites or email addresses. Hackers attempt to trick people into clicking on malicious links by exploiting subtle visual differences in characters/letters that are easily overlooked. In the below image, “a” has been substituted with a non-standard character.
Other examples include:
- Adding or changing a character
- Substituting the number “1” for a lowercase “I”
- Substituting a lowercase “L” in place of an uppercase “I”
- Using a zero instead of an upper or lowercase letter “O”
Malicious actors also use Unicode characters to spoof website and email addresses with identical-looking characters. Unicode is a global standard that provides a unique number for every character from modern and ancient writing systems as well as technical symbols and punctuation. It is the basis for processing, storage and handling of text data. The following chart illustrates potential substitutions for a lowercase “a”:
Replacements of identical looking characters via Unicode substitutions may be impossible to spot, which is why it is NEVER safe to click on links received on text messages and emails.
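The substitutions described above (Cyrillic or Greek lookalikes for Latin letters, “1” for “l”, “0” for “o”) can be caught mechanically before a user ever sees the link: a mail gateway or browser extension can check whether a domain mixes writing systems, show its real punycode wire form, and collapse lookalike characters into a Latin “skeleton” that is compared against an allow-list of trusted domains. The following Python script is an added example written for this page, not code from the original article; the confusables table and the trusted-domain list are constructed, deliberately small subsets (Unicode's own confusables.txt is far larger), and it uses only the standard library.

```python
import unicodedata

# Constructed subset of lookalike characters mapped to the Latin character
# they imitate. Real deployments should load Unicode's confusables.txt.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u03b1": "a",  # Greek small alpha
    "\u0251": "a",  # Latin small alpha (same script, still a lookalike)
    "\u0131": "i",  # Latin dotless i
    "1": "l",       # digit one for lowercase L
    "0": "o",       # digit zero for letter O
}

# Constructed allow-list standing in for an organisation's trusted domains.
TRUSTED = {"paypal.com", "microsoft.com", "apple.com"}


def script_of(ch: str) -> str:
    """Derive the script from the Unicode character name; punctuation/digits are COMMON."""
    first_word = unicodedata.name(ch, "").split(" ")[0]
    return first_word if first_word in ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN") else "COMMON"


def scripts_in(label: str) -> set:
    """Set of writing systems used in one domain label, ignoring COMMON characters."""
    return {script_of(ch) for ch in label} - {"COMMON"}


def skeleton(label: str) -> str:
    """Collapse a label to the Latin string a human would perceive."""
    normalized = unicodedata.normalize("NFKC", label)  # folds ligatures, fullwidth forms, etc.
    return "".join(CONFUSABLES.get(ch, ch.lower()) for ch in normalized)


def to_punycode(domain: str) -> str:
    """Return the IDNA wire form; spoofed labels show up as xn-- labels here."""
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None  # label the IDNA rules reject outright


def analyze_domain(domain: str) -> dict:
    """Flag mixed-script labels and lookalikes of trusted domains."""
    labels = domain.strip().rstrip(".").split(".")
    mixed = any(len(scripts_in(label)) > 1 for label in labels)
    skel = ".".join(skeleton(label) for label in labels)
    # A lookalike collapses to a trusted name without actually being that name.
    lookalike_of = skel if (skel in TRUSTED and domain.lower() != skel) else None
    return {
        "domain": domain,
        "punycode": to_punycode(domain),
        "mixed_script": mixed,
        "lookalike_of": lookalike_of,
        "verdict": "suspicious" if (mixed or lookalike_of) else "ok",
    }


def analyze_email(address: str) -> dict:
    """Apply the same checks to the domain part of an e-mail address."""
    local, _, domain = address.rpartition("@")
    result = analyze_domain(domain)
    result["local_part"] = local
    return result


if __name__ == "__main__":
    # Constructed sample inputs: a genuine name, an ASCII lookalike,
    # a Cyrillic-substituted lookalike and an unrelated domain.
    for sample in ["paypal.com", "paypa1.com", "p\u0430ypal.com", "example.com"]:
        print(analyze_domain(sample))
    print(analyze_email("billing@micr0soft.com"))
```

The mixed-script check alone is not enough: “paypa1.com” is entirely Latin plus a digit, and a whole-label substitution (every letter Cyrillic) is single-script, so the skeleton comparison against a trusted list is what catches those. Punycode is shown because the `xn--` form is what actually goes on the wire and is the unambiguous representation to log or alert on.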
Security Best Practices
- Never click on links in emails or text messages.
- Always open a browser and type the website address instead of clicking on a link.
- After you type a website address that you frequently visit, bookmark it or add it to favorites.
- Be suspicious of all unsolicited emails and text messages.
Carefully check app names, website addresses and email addresses. Beware of slight changes that mimic legitimate websites.