Homograph Attack (IDN Homograph).

A phishing technique that registers a domain using Unicode characters visually identical to ASCII ones — Cyrillic 'а' for Latin 'a', Greek omicron for Latin 'o' — so the attacker URL is indistinguishable from the legitimate one to the eye. Pertence à categoria Ataques e ameaças da cibersegurança.

A phishing technique that registers a domain using Unicode characters visually identical to ASCII ones — Cyrillic 'а' for Latin 'a', Greek omicron for Latin 'o' — so the attacker URL is indistinguishable from the legitimate one to the eye.

A homograph attack — formally an Internationalized Domain Name (IDN) homograph attack — abuses the visual similarity between characters across Unicode scripts. The domain `аpple.com` looks identical to `apple.com` in most fonts, but the leading 'а' is Cyrillic U+0430, not Latin U+0061; the punycode form is `xn--pple-43d.com`. Attackers register such lookalikes for phishing landing pages, malware delivery, and consent-phishing OAuth applications. Browsers and registrars have introduced mitigations: most TLDs restrict mixed-script registrations, Chrome/Firefox show punycode when a label mixes scripts or uses 'similar' Unicode, and DNS resolvers and email gateways flag IDN domains. Attackers have responded with single-script Cyrillic-only or Greek-only domains that bypass mixed-script checks, and with subdomain tricks (`paypal.com.attacker.xn--…`). Defenses combine browser punycode display, certificate-transparency monitoring for lookalike registrations, DMARC + brand-monitoring services, and user training that hovering over the URL reveals the real registered name.

As defesas contra Homograph Attack (IDN Homograph) costumam combinar controles técnicos e práticas operacionais, conforme detalhado na definição acima.

Nomes alternativos comuns: IDN homograph attack, Unicode lookalike domain.