A homograph attack is an effective way to deceive online users; malicious actors have used it for phishing and impersonation.
One of the domains below is fake. Can you spot the bogus domain?
Well, the first one is the fake Medium domain, because the letter ‘е’ in it is a Cyrillic character that looks identical to the Latin ‘e’.
How to prevent this issue?
A good way to flag a domain that contains non-Latin characters is to implement a “Redirect Notice”: a confirmation page that shows users the URL they are about to be sent to before the redirect happens.
Below is a screenshot of the Redirect Notice on HackerOne after clicking the fake Medium domain.
Homograph attacks are not limited to domains; they are also possible in usernames, for impersonation.
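Here is an added example (not code from the post, HackerOne or Facebook) of the check a Redirect Notice or a username filter could run: it classifies each letter by its Unicode script, flags any label that mixes in non-Latin letters such as the Cyrillic ‘е’, and produces the Punycode (xn--) form of the host so the notice can show both spellings. The sample URLs are constructed; `\u0435` is the Cyrillic ‘е’ from the post. It uses a simple name-prefix heuristic rather than full Unicode confusable tables, and Python's built-in `idna` codec (IDNA 2003), so treat it as a starting point.

```python
import unicodedata
from urllib.parse import urlsplit


def scripts_of(text):
    """Return the set of Unicode scripts used by the letters in text.
    The script is taken from the first word of the character's Unicode
    name ('LATIN', 'CYRILLIC', 'GREEK', ...); ASCII digits and punctuation
    such as '-', '_' and '.' are treated as belonging to any script."""
    scripts = set()
    for ch in text:
        if ch.isascii() and not ch.isalpha():
            continue
        name = unicodedata.name(ch, "UNKNOWN UNKNOWN")
        scripts.add(name.split()[0])
    return scripts


def is_homograph_candidate(text):
    """True if a domain label or username contains any non-Latin letter,
    e.g. 'm\u0435dium' (Cyrillic 'е') -> True, 'medium' -> False."""
    return bool(scripts_of(text) - {"LATIN"})


def analyze_redirect(url):
    """Decide whether a link deserves a Redirect Notice and collect what
    the notice should display: the Unicode host, its Punycode form and
    the labels that triggered the warning."""
    host = urlsplit(url).hostname or ""
    try:
        # Links may already carry the xn-- form; decode it so the script
        # check sees the real letters. Pure-ASCII hosts decode unchanged.
        unicode_host = host.encode("ascii").decode("idna")
    except UnicodeError:
        unicode_host = host  # host already contains non-ASCII letters
    suspicious = [label for label in unicode_host.split(".")
                  if is_homograph_candidate(label)]
    try:
        ascii_host = unicode_host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_host = None  # not a valid IDN label; still warn the user
    return {
        "unicode_host": unicode_host,
        "ascii_host": ascii_host,
        "suspicious_labels": suspicious,
        "needs_notice": bool(suspicious) or ascii_host is None,
    }


# Constructed sample: the fake Medium domain from the post (Cyrillic 'е').
FAKE_MEDIUM = "https://m\u0435dium.com/@someuser"
REAL_MEDIUM = "https://medium.com/@someuser"
```

The notice page should render `unicode_host` next to `ascii_host` so the reader sees that the link really goes to an `xn--` domain.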
Interestingly, Facebook doesn't have a redirect notice, but it does have a malicious link notice.