Homograph Attack (IDN Homograph).

A phishing technique that registers a domain using Unicode characters visually identical to ASCII ones — Cyrillic 'а' for Latin 'a', Greek omicron for Latin 'o' — so the attacker URL is indistinguishable from the legitimate one to the eye. Cette notion relève de la catégorie Attaques et menaces en cybersécurité.

A phishing technique that registers a domain using Unicode characters visually identical to ASCII ones — Cyrillic 'а' for Latin 'a', Greek omicron for Latin 'o' — so the attacker URL is indistinguishable from the legitimate one to the eye.

A homograph attack — formally an Internationalized Domain Name (IDN) homograph attack — abuses the visual similarity between characters across Unicode scripts. The domain `аpple.com` looks identical to `apple.com` in most fonts, but the leading 'а' is Cyrillic U+0430, not Latin U+0061; the punycode form is `xn--pple-43d.com`. Attackers register such lookalikes for phishing landing pages, malware delivery, and consent-phishing OAuth applications. Browsers and registrars have introduced mitigations: most TLDs restrict mixed-script registrations, Chrome/Firefox show punycode when a label mixes scripts or uses 'similar' Unicode, and DNS resolvers and email gateways flag IDN domains. Attackers have responded with single-script Cyrillic-only or Greek-only domains that bypass mixed-script checks, and with subdomain tricks (`paypal.com.attacker.xn--…`). Defenses combine browser punycode display, certificate-transparency monitoring for lookalike registrations, DMARC + brand-monitoring services, and user training that hovering over the URL reveals the real registered name.

Les défenses contre Homograph Attack (IDN Homograph) combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.

Noms alternatifs courants : IDN homograph attack, Unicode lookalike domain.