Homograph Phishing: Spoofing URLs with Similar Characters

N2K Networks · December 9, 2025 · 6 min · 80 views

Understanding Homograph Phishing

  • 💡 Homograph phishing is a social engineering technique that tricks users into believing they are interacting with a trusted entity.
  • 🎯 It specifically involves using similar-looking characters in a phishing URL to spoof a legitimate website.

The Role of Unicode

  • 🧠 Unicode is an encoding standard that supports over 144,000 characters, enabling text display in many languages.
  • ⚠️ Homograph or homoglyph attacks exploit this by using similar-looking Unicode characters to create deceptive phishing URLs.
  • 🔍 A common example is replacing the letter O with the number zero, often referred to as typo squatting.

Advanced Homograph Attacks

  • 🚀 More sophisticated attacks use international domain names (IDNs) to insert characters from different languages into URLs.
  • 🎭 For instance, the Latin letter 'O' and the Cyrillic letter 'O' appear identical but have different underlying Unicode code points, so the URLs lead to different sites.
  • ⚠️ While requiring more effort than typo squatting, these IDN homograph attacks are achievable by highly motivated threat actors.
  • 🚫 Most modern browsers are moving away from displaying the Unicode name and instead display its ASCII-encoded form, making these attacks less common but still viable for sophisticated attackers.
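
A defender-side check for the IDN case described above, as an added example that is not from the video or from N2K: it converts each hostname label to its ASCII (Punycode) form and flags labels that contain non-ASCII characters or mix scripts. The function names, the script heuristic and the sample hostnames are assumptions constructed for illustration.

```python
import unicodedata


def script_of(ch):
    """Rough script label from the Unicode character name (a heuristic)."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"


def analyze_host(host):
    """Return (ascii_form, findings) for a hostname.

    findings holds (label, kind, scripts) tuples, where kind is
    "non-ascii" (label needs Punycode) or "mixed-script" (letters from
    more than one script inside a single label).
    """
    ascii_labels, findings = [], []
    for label in host.lower().split("."):
        # Python's built-in codec implements IDNA 2003 ToASCII per label.
        ascii_label = label.encode("idna").decode("ascii")
        ascii_labels.append(ascii_label)
        scripts = sorted({script_of(c) for c in label if c.isalpha()})
        if ascii_label != label:
            findings.append((label, "non-ascii", scripts))
        if len(scripts) > 1:
            findings.append((label, "mixed-script", scripts))
    return ".".join(ascii_labels), findings


if __name__ == "__main__":
    # Constructed sample hostnames; \u043e is CYRILLIC SMALL LETTER O.
    samples = [
        "login.example",                 # plain ASCII
        "l\u043egin.example",            # Latin letters plus one Cyrillic o
        "\u043e\u043e\u043e.example",    # label written entirely in Cyrillic
        "l0gin.example",                 # digit zero: ASCII look-alike
    ]
    for host in samples:
        ascii_form, findings = analyze_host(host)
        print(f"{host!r} -> {ascii_form} {findings}")
```

The all-Cyrillic label is reported only as non-ascii, so a mixed-script test alone does not catch it, and the digit-zero look-alike is plain ASCII and passes both checks, so it needs a separate comparison against known brand names.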

Nerd Reference: Mission Impossible

  • 🎭 The Mission Impossible franchise is referenced, where rubber face masks are used to impersonate individuals.
  • 🧩 These masks are likened to homographs, allowing IMF members to appear as trusted colleagues to fish for information from targets.