Vol. 1 · Ed. 2026
CyberGlossary
Entry № 536

Homograph Attack (IDN Homograph)

What is a Homograph Attack (IDN Homograph)?

Homograph Attack (IDN Homograph): a phishing technique in which the attacker registers a domain built from Unicode characters that render like ASCII letters (Cyrillic 'а' for Latin 'a', Greek omicron 'ο' for Latin 'o'), so that the attacker's URL is indistinguishable from the legitimate one by eye.


A homograph attack, formally an Internationalized Domain Name (IDN) homograph attack, abuses the visual similarity between characters from different Unicode scripts. The domain `аpple.com` looks identical to `apple.com` in most fonts, but its leading 'а' is Cyrillic U+0430, not Latin U+0061; on the wire the name is the punycode form `xn--pple-43d.com`, a completely separate registration. Attackers register such lookalikes for phishing landing pages, malware delivery, and consent-phishing OAuth applications. Because the punycode name is an ordinary domain, a valid TLS certificate for it is trivial to obtain, so the padlock icon is not a signal.

Browsers and registries have introduced mitigations: many registries restrict which scripts a label may mix, Chrome and Firefox fall back to displaying punycode when a label mixes scripts outside a small set of permitted combinations, Chrome additionally compares the label's confusable "skeleton" (UTS #39) against well-known domains, and some DNS filters and email security gateways flag or quarantine IDN domains. Attackers responded with single-script labels (all Cyrillic or all Greek, such as `аррӏе.com`), which pass a pure mixed-script test and are caught only by skeleton comparison, and with subdomain tricks that place the brand name to the left of the registrable domain (`paypal.com.attacker.xn--…`).

Defenses combine browser punycode display, Certificate Transparency monitoring for newly issued certificates whose names resemble the brand, DMARC plus brand-monitoring services, and user training. Note that hovering over a link shows the same rendered glyphs as the link text, so training should focus on reading the address bar once the page has loaded (an `xn--` name there is the giveaway) and on the fact that a password manager will not autofill credentials on an origin it has never seen.

Examples

  1. An attacker registers `аррӏе.com` (all Cyrillic: а, р, р, ӏ palochka, е; punycode `xn--80ak6aa92e.com`) and serves an Apple ID phishing page with a valid Let's Encrypt certificate issued for the punycode name.

  2. A brand-protection feed monitors Certificate Transparency for newly issued certificates whose names, after mapping through the Unicode confusables table, match the client's domain.
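The checks described in the definition and in both examples above, as an added example that is not code from the original page: it converts a name between Unicode and punycode, applies the mixed-script test that catches `аpple.com` but not `аррӏе.com`, applies a confusable-skeleton comparison that catches both, flags a brand used as a subdomain, and runs all of that over a constructed list of certificate names as a brand-protection feed would. Python standard library only. Assumptions: the confusables table is a hand-built subset of Unicode's confusables.txt, the script of a character is approximated from the first word of its Unicode name, the registrable name is taken to be the last two labels (no Public Suffix List), and the sample names and the `.example` domain are constructed, not real certificates.

```python
"""Toy IDN homograph checker: punycode conversion, mixed-script test,
confusable-skeleton comparison and brand-in-subdomain test.

Added example, not code from the original page. Stdlib only. Assumptions:
the confusables table is a hand-built subset of Unicode's confusables.txt,
script detection is approximated from character names, and the registrable
name is taken to be the last two labels (no Public Suffix List lookup)."""
import unicodedata

# Hand-built subset of Unicode confusables (Cyrillic/Greek -> Latin).
# Real tooling should load the full confusables.txt from unicode.org.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # а е о р
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",  # с у х ѕ
    "\u0456": "i", "\u0458": "j", "\u04bb": "h", "\u04cf": "l",  # і ј һ ӏ
    "\u03bf": "o",                                               # Greek omicron
}


def to_ascii(domain):
    """Wire form: every non-ASCII label becomes xn-- + punycode. Only
    lowercases first; full IDNA/UTS #46 mapping is left to the 'idna'
    package in production code."""
    out = []
    for label in domain.lower().split("."):
        out.append(label if label.isascii()
                   else "xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def to_unicode(domain):
    """Inverse of to_ascii, for names as they appear in CT logs."""
    out = []
    for label in domain.lower().split("."):
        out.append(label[4:].encode("ascii").decode("punycode")
                   if label.startswith("xn--") else label)
    return ".".join(out)


def script_of(ch):
    """Approximate script from the first word of the character name;
    digits, hyphen and symbols count as COMMON, as in UTS #39."""
    first = unicodedata.name(ch, "").split(" ")[0]
    return first if first in ("LATIN", "CYRILLIC", "GREEK") else "COMMON"


def is_mixed_script(label):
    """Browser rule that catches 'аpple' (Cyrillic a + Latin pple) but
    lets an all-Cyrillic 'аррӏе' through."""
    return len({script_of(c) for c in label} - {"COMMON"}) > 1


def skeleton(label):
    """Fold confusables to Latin: a tiny UTS #39 skeleton, the comparison
    that catches single-script lookalikes the mixed-script test misses."""
    return "".join(CONFUSABLES.get(c, c) for c in label)


def analyze(name, protected):
    """Findings for one hostname (Unicode or punycode) against brand domains."""
    domain = to_unicode(name)
    labels = domain.split(".")
    reg = ".".join(labels[-2:])     # assumed registrable name
    left = ".".join(labels[:-2])    # everything to the left of it
    findings = {"unicode": domain, "ascii": to_ascii(domain),
                "mixed_script": any(is_mixed_script(lab) for lab in labels),
                "lookalike_of": None, "brand_as_subdomain": None}
    for brand in protected:
        if reg != brand and skeleton(reg) == brand:
            findings["lookalike_of"] = brand
        # brand appears as a whole label sequence inside the subdomain part
        if "." + brand + "." in "." + left + ".":
            findings["brand_as_subdomain"] = brand
    return findings


def scan_ct_names(names, protected):
    """Brand-protection pass over certificate SANs: return the suspicious ones."""
    hits = {}
    for name in names:
        f = analyze(name, protected)
        if f["lookalike_of"] or f["brand_as_subdomain"]:
            hits[name] = f
    return hits


# Constructed sample of SANs a CT feed might return; not real certificates.
PROTECTED = ("apple.com", "google.com", "paypal.com")
SAMPLE_SANS = [
    "xn--pple-43d.com",                  # аpple.com: mixed script
    "xn--80ak6aa92e.com",                # аррӏе.com: all Cyrillic
    "g\u03bfogle.com",                   # Greek omicron for o
    "paypal.com.secure-login.example",   # brand as a subdomain
    "apple.com",                         # genuine, must not be flagged
]

if __name__ == "__main__":
    for name, f in scan_ct_names(SAMPLE_SANS, PROTECTED).items():
        print(name, "->", f)
```

Running the module prints the four suspicious names and leaves `apple.com` alone; the all-Cyrillic `xn--80ak6aa92e.com` shows `mixed_script` False and `lookalike_of` apple.com, which is exactly why a skeleton comparison is needed on top of the script test. In production, replace `CONFUSABLES` with the full confusables.txt, `script_of` with a real Script property lookup, and the last-two-labels rule with a Public Suffix List library.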

FAQ

What is a Homograph Attack (IDN Homograph)?

A phishing technique in which the attacker registers a domain built from Unicode characters that render like ASCII letters (Cyrillic 'а' for Latin 'a', Greek omicron 'ο' for Latin 'o'), so that the attacker's URL is indistinguishable from the legitimate one by eye. It belongs to the Attacks and Threats category of cybersecurity.

How does a Homograph Attack (IDN Homograph) work?

The attacker registers a domain whose labels use characters from another script (Cyrillic, Greek) that render like the target's Latin letters. The registry and the browser handle the name in its punycode (`xn--`) form, which is a different domain from the one the victim reads, so the lookalike can carry its own valid certificate and phishing content. See the full definition above.

How do you defend against a Homograph Attack (IDN Homograph)?

Defenses against a Homograph Attack (IDN Homograph) usually combine technical controls with operational practice: punycode display in browsers, Certificate Transparency monitoring for lookalike names, DMARC and brand monitoring, and user training. See the full definition above.

What other names does a Homograph Attack (IDN Homograph) go by?

Common aliases include: IDN homograph attack, Unicode lookalike domain.
