Security Glossary
Homoglyph Domain
A homoglyph domain uses characters that look visually identical to your brand name but are actually different Unicode characters — making them nearly impossible to detect by eye.
How Homoglyph Attacks Work
Unicode includes thousands of characters from different writing systems. Many look identical or nearly identical to Latin letters:
- Cyrillic а (U+0430) looks like Latin a (U+0061)
- Greek ο (U+03BF) looks like Latin o (U+006F)
- Cyrillic е (U+0435) looks like Latin e (U+0065)
- Cyrillic с (U+0441) looks like Latin c (U+0063)
Attackers combine these to create domains like аррlе.com (all Cyrillic) that display identically to apple.com in most browsers.
IDN and Punycode
Internationalized Domain Names (IDN) allow non-ASCII characters in domains. These are encoded using Punycode for DNS resolution. A homoglyph domain like аpple.com becomes xn--pple-43d.com in Punycode — revealing its true nature.
Modern browsers often display Punycode for suspicious mixed-script domains, but attackers adapt by using consistent scripts or targeting specific TLDs with lenient IDN policies.
Why Homoglyphs Are Dangerous
- Invisible to users: Visual inspection cannot detect the substitution
- Bypass blocklists: Each Unicode variant is a different domain
- SSL certificates available: Attackers can get valid HTTPS certificates
- Email spoofing: Homoglyph domains enable convincing phishing emails
How Impersona.io Detects Homoglyphs
Impersona.io automatically generates homoglyph variants of your protected domains using multiple character sets (Cyrillic, Greek, Latin Extended, and more). Each variant is checked against live DNS and Certificate Transparency logs to detect active threats.
Frequently Asked Questions
What is a homoglyph domain?
A homoglyph domain uses characters that look identical or nearly identical to Latin letters but are actually different Unicode characters. For example, using Cyrillic "а" (U+0430) instead of Latin "a" (U+0061) in a domain name.
How do homoglyph attacks work?
Attackers register domains using visually similar characters from different alphabets. To users, "аpple.com" (with Cyrillic а) looks identical to "apple.com" (with Latin a) in many fonts, but they are completely different domains.
How can I detect homoglyph domains?
Homoglyph detection requires analyzing domain names at the Unicode level, not just visual inspection. Impersona.io automatically checks for homoglyph variants of your brand across multiple character sets.
Related Terms
Detect homoglyph domains targeting your brand
Run a free brand check to find homoglyph and other lookalike domains impersonating your brand.