🆔 Homograph Attack Defender

Learn to spot Internationalized Domain Name (IDN) spoofing

What is a Homograph Attack?

Homograph attacks (also called Homoglyph attacks) exploit visually similar characters from different scripts (like Latin vs. Cyrillic or Greek) to create deceptive domain names.

Attackers register domains using Punycode (prefixed with xn--). To the computer, xn--80ak6aa92e.com is a unique address, but to your browser, it renders as apple.com.

Common Substitution Types

Visual Spoof Legitimate Technique
micrоsоft.com microsoft.com Cyrillic 'о'
paypaӏ.com paypal.com Cyrillic 'ӏ' (palochka)
tωitter.com twitter.com Greek 'ω'

🛡️ How to Protect Yourself

Visual inspection is unreliable (as you will see in the training). Use these technical methods instead:

🏆 1. Use a Password Manager The "Silver Bullet." Password managers bind your credentials to the specific URL. If you land on a fake site, it won't autofill.
📋 2. The Copy-Paste Test Copy the URL from the address bar and paste it into Notepad. If it turns into xn--..., it is a homograph attack.
🔒 3. Ignore the Lock Icon Attackers can buy SSL certificates too. A lock icon only means the connection is encrypted, not that the site is honest.
📱 4. Mobile: Long Press On phones, long-press a link before clicking. The preview often reveals the hidden Punycode URL.

🔍 Domain Inspector

Paste a suspicious domain below to reveal hidden characters.

Try these examples:

Score: 0 1 / 5

Is this domain SAFE or FAKE?

Look closely at the characters.

...