Homoglyphs are characters that
love each other very much look strikingly similar to each other.
Can you quickly tell the difference between these two - O0? That's The capital letter "o" and the number 0. How about Il1|? Depending on the font used - and your attention to detail, it may be hard to spot the difference between all three.
Τһⅰѕ ｔｅｘｔ ｍａｙ ｌｏоｋ ｌｉｋе ⅰｔ ⅽоｎｔаｉｎｓ ｎοｒⅿａｌ Ｅｎｇⅼіｓһ ϲһａｒаϲｔｅｒѕ ‐ ｂｕｔ іｔ ⅾｏｅѕ ｎоｔ．
Іt's fairly оbvious in the above that something fishу is going on‚ but in this sentence it's more ѕubtle.
What Can Be Done With This
You'll often find spammers using homoglyphs in an attempt to evade filters - it's not uncommon to see subject lines touting cut price "νⅰａｇｒа" - easy for a human to read, hard for a computer to check against a "banned words" list.
Finally, fraudsters can take advantage of these character to create domains like "pａypａl.com" and similar.
There are three main defences against this.
- Use a font which easily disambiguates between homoglyphs.
- Be vigilant! Look out for weird spacing and odd looking characters.
- Website owners should detect "unusual" characters and either refuse to display them, or ensure that they are displayed in a visually distinct style.
For sites primarily in English, it's relatively easy to spot non ASCII characters - but for those sites which require Unicode it's much more difficult and is the subject of much academic research.
Stay safe out there!