Homograph Attacks: Beware of Fake Senders
Homograph attacks consist of imitating a trusted email address by changing a single letter or character in the domain.
These tiny modifications easily fool the human eye and can mislead even the most attentive users.
Common examples:
contact@solution-it.nc→contact@soIution-it.nc(the “l” replaced by a capital “I”)support@entreprise.com→support@entrepr1se.com(the “i” replaced by a “1”)contact@solution-it.nc→contact@solutіon-it.nc(the Latin “i” replaced by a Cyrillic “і”, visually identical)
Example of homographic characters#
| Character (Latin) | Original alphabet | Homograph | Homograph alphabet |
|---|---|---|---|
| a | Latin | а | Cyrillic |
| i | Latin | і | Cyrillic |
| o | Latin | ο | Greek |
| p | Latin | р | Cyrillic |
Why is this dangerous?#
- You believe you are communicating with a legitimate partner.
- You may end up clicking on a malicious link, sharing sensitive credentials, or opening an infected attachment.
- Consequences range from data leaks to financial theft.
Best practices to protect yourself#
- Check the sender carefully: a single character difference may reveal an attack.
- Hover over links before clicking to see the real URL.
- Enable multi-factor authentication (MFA) to reduce risks.
- Report any suspicious address to your IT support or provider.
- Train your teams regularly to spot this type of fraud.
In summary#
These attacks exploit our visual habits and trust.
With vigilance and good practices, you can greatly reduce the risks.