Homograph Attack — One of the Deceptive Hacking Attacks

A homograph attack is an effective way to deceive online users: it substitutes characters from another alphabet that look identical to the expected ones, and attackers use it for phishing and impersonation.

Example:
One of the domains below is fake. Can you spot the bogus domain?

mеdium.com
medium.com

The first one is the fake Medium domain: the ‘е’ in it is the Cyrillic small letter ie (U+0435), which renders almost identically to the Latin ‘e’ (U+0065) in most fonts. The two hostnames are different strings, and the fake one is an internationalised domain name (IDN), so the name that is actually registered and looked up in DNS is an ASCII Punycode label beginning with “xn--”.

Sample Scenario:

How to prevent this issue?

A practical way to expose a domain that contains non-Latin characters is to implement a “Redirect Notice”: an interstitial confirmation page, served by the site the link appears on, that shows the exact destination URL before the user is sent there. Showing the hostname in its Punycode (xn--) form next to the Unicode form makes the substitution visible even where the rendered characters look identical. Most modern browsers already display Punycode in the address bar for labels that mix scripts, but that only appears after the link has been followed; the notice warns beforehand, and it also helps where the link is rendered by a client that has no such display policy.
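The check behind such a notice, as an added example that is not part of the original post: the script below is my own illustration, not HackerOne's or Medium's code. The function names (`inspect_label`, `inspect_host`, `redirect_notice`) and the look-alike username `аdmin` (with a Cyrillic а, U+0430) are assumptions made for the example; the two hostnames are the ones from the page, with the Cyrillic е written as the escape `\u0435` so that copy-pasting keeps the substitution. It lists the non-ASCII characters in each DNS label with their code points and names, flags labels that mix scripts, and derives the Punycode form that is actually registered and resolved.

```python
import unicodedata
from urllib.parse import urlsplit

# Scripts this coarse classifier distinguishes; anything else is lumped as OTHER.
_SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN")


def script_of(ch):
    """Coarse script of a letter, taken from its Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in _SCRIPTS:
        if name.startswith(script):
            return script
    return "OTHER"


def inspect_label(label):
    """Report the non-ASCII characters and the scripts used in one label
    (a DNS label such as 'm\u0435dium' or a username). Mixing scripts inside
    a single label is the classic homograph signature."""
    non_ascii = [
        (ch, "U+%04X" % ord(ch), unicodedata.name(ch, "UNKNOWN"))
        for ch in label
        if ord(ch) > 0x7F
    ]
    scripts = {script_of(ch) for ch in label if ch.isalpha()}
    return {
        "label": label,
        "non_ascii": non_ascii,
        "scripts": scripts,
        "mixed_script": len(scripts) > 1,
    }


def inspect_host(host):
    """Analyse every label of a hostname and derive its registry (Punycode) form."""
    labels = [inspect_label(part) for part in host.split(".")]
    # str.encode('idna') applies nameprep and Punycode per label (IDNA 2003),
    # producing the 'xn--' form that is registered and resolved in DNS.
    ascii_host = host.encode("idna").decode("ascii")
    return {
        "host": host,
        "ascii_host": ascii_host,
        "is_idn": ascii_host != host.lower(),
        "mixed_script": any(r["mixed_script"] for r in labels),
        "labels": labels,
    }


def redirect_notice(url):
    """Text an interstitial Redirect Notice would display before leaving the site."""
    host = urlsplit(url).hostname or ""
    report = inspect_host(host)
    lines = ["You are about to leave this site for: " + url]
    if report["is_idn"]:
        lines.append("Destination host as registered in DNS: " + report["ascii_host"])
        for label in report["labels"]:
            for ch, cp, name in label["non_ascii"]:
                lines.append("  non-ASCII character %r (%s %s)" % (ch, cp, name))
    if report["mixed_script"]:
        lines.append(
            "WARNING: the host name mixes alphabets (e.g. Latin and Cyrillic); "
            "this is a common sign of a look-alike (homograph) domain."
        )
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed inputs: the page's two hostnames (the first with Cyrillic
    # 'е', U+0435) and a hypothetical look-alike username with Cyrillic 'а'.
    for url in ("https://m\u0435dium.com/@someone", "https://medium.com/@someone"):
        print(redirect_notice(url))
        print()
    print(inspect_label("\u0430dmin"))
```

Two caveats on the design. The mixed-script test only catches labels that combine alphabets; a look-alike built entirely from one script (all Cyrillic, say) passes it, and catching that needs a confusables table such as the one in Unicode Technical Standard #39, which this example does not implement. The Punycode form, however, exposes either kind, which is why the notice prints it. Python's built-in codec implements the older IDNA 2003 rules; a production check should use the `idna` package from PyPI, which implements IDNA 2008.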

Below is a screenshot of the Redirect Notice on HackerOne after clicking the fake Medium domain.

The image above shows the real URL behind the bogus Medium domain.

Homograph attacks are not limited to domains: the same character substitution works in usernames, where a look-alike handle is used to impersonate an existing account.

Interestingly, Facebook doesn’t have a redirect notice, but it does have a malicious link notice.

Written by Aj Dumanhug
PSM in Cybersecurity Student
