
Homoglyph attacks - and why you shouldn't trust your lying eyes

Can You Spot the Fake? The Hidden Danger of Homoglyph Domains

Most people think they'd never fall for a fake website. But here's a quick test:

PayPal.com vs РауPal.com
Google.com vs Gооgle.com
Netflix.com vs Netflіx.com
Apple.com vs Αpple.com

They look identical, right?
Well, they're not.


🧠 Wait, these are NOT the same letters?

What you just saw is a type of deception known as a homoglyph attack.
Attackers register domain names using characters from other alphabets (Cyrillic, Greek, Armenian and others) that look exactly like Latin letters.

Your eyes see familiar brand names like "PayPal" or "Google".
Your browser, however, sees completely different Unicode characters.

For example:

Looks like      Actually uses      Alphabet
РауPal.com      "Р" and "у"        Cyrillic
Gооgle.com      "о", "о"           Cyrillic
Netflіx.com     "і"                Cyrillic
Αpple.com       "Α"                Greek

These deceptive domains are often used in phishing campaigns to trick users into entering their passwords, credit card info, or even two-factor authentication codes.


To understand what's going on a bit better, I'll try to give the shortest history lesson ever 😎

🧠 What's Actually Going On?

(or: 📜 A Brief History of Look-Alike Letters)

The Greek alphabet is the ancestor of both the Latin alphabet (used in English and most Western languages) and the Cyrillic alphabet (used in Russian, Ukrainian, Belarusian and several other languages), so all three share letter shapes. Some are true equivalents: "A" looks the same and sounds the same in all three. Others only look alike: Cyrillic "Н" is pronounced like Latin "N", and Greek "Η" (eta) is a vowel, not an "h" at all.

That's why the capital letters A, B, E, P, O, X and H look almost identical across them. Several lowercase letters (Cyrillic а, е, о, р, с, у, х, for instance) coincide as well, and those are the ones that matter for domains, since DNS names are case-insensitive and browsers display them in lowercase.

Here's a quick comparison:

Latin        Greek        Cyrillic     Same visual form?
A U+0041     Α U+0391     А U+0410     Yes
B U+0042     Β U+0392     В U+0412     Yes
E U+0045     Ε U+0395     Е U+0415     Yes
P U+0050     Ρ U+03A1     Р U+0420     Yes
O U+004F     Ο U+039F     О U+041E     Yes
H U+0048     Η U+0397     Н U+041D     Yes
X U+0058     Χ U+03A7     Х U+0425     Yes

That ancient resemblance is what modern attackers exploit with homoglyph domains.
Our ancestors shared an alphabet; today's phishers share its lookalikes 😆




⚙️ Why Homoglyph Attacks Work

Your brain doesn't read every letter the way a computer does: you recognise shapes, while a computer compares characters by their code points.
To you and me, Latin "A" (U+0041) and Cyrillic "А" (U+0410) are the same letter; to a computer they are two different characters. That's why someone can register a domain called "Aррle.com" (using Cyrillic "А" and "р"): technically it is a completely different string from "Apple.com", which uses only Latin letters. Under the hood, DNS carries only ASCII, so such a name is stored and resolved as a Punycode label starting with "xn--"; the familiar-looking spelling is just the browser's decoded rendering of it.

That's why these fake domains work so well, even on experienced users.
They pass a quick visual scan and often look legitimate in ads, social media posts and even emails.
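To make this concrete, here is an added example in Python (not part of the original post, and not BrandCat's code) that looks at the domains from the top of the page the way a computer does: for each one it reports every lookalike character with its code point and Unicode name, the Punycode (xn--) form the resolver actually sees, whether any label mixes scripts, and whether the name collapses to the real brand once lookalikes are mapped back to Latin. The sample domains are constructed from explicit escapes so the non-Latin letters are unambiguous, and the CONFUSABLES map is a hand-picked subset rather than the full Unicode confusables data. It also goes a little beyond the text in two ways: it shows that IDNA lowercases labels, so the Greek capital Alpha in the Apple example becomes α and stops resembling a Latin a, and it includes an all-Cyrillic spelling of apple, which a browser's mixed-script check would not flag.

```python
import unicodedata

# Constructed sample domains (illustrative, not observed registrations),
# mapped to the brand they imitate.
SAMPLES = {
    "\u0420\u0430\u0443Pal.com": "paypal.com",            # Р, а, у are Cyrillic
    "G\u043e\u043egle.com":      "google.com",            # о, о are Cyrillic
    "Netfl\u0456x.com":          "netflix.com",           # і is Cyrillic
    "\u0391pple.com":            "apple.com",             # Α is Greek capital Alpha
    "\u0430\u0440\u0440\u04cf\u0435.com": "apple.com",    # every letter Cyrillic (ӏ = palochka)
    "paypal.com":                "paypal.com",            # genuine, all Latin
}

# Lowercase Cyrillic/Greek letters whose glyphs match a Latin letter in
# common fonts. Assumption: a hand-picked subset, not the full confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u04cf": "l",   # Cyrillic
    "\u03bf": "o",                   # Greek omicron
}


def script_of(ch):
    """Script taken from the Unicode name ('LATIN', 'CYRILLIC', 'GREEK', ...);
    digits, hyphens and dots count as 'COMMON' and never cause mixing."""
    if not ch.isalpha():
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def normalize(domain):
    """DNS names are case-insensitive and IDNA lowercases before encoding.
    This matters: Greek capital Alpha becomes alpha, which no longer looks like 'a'."""
    return domain.lower()


def to_ascii(domain):
    """The ACE form (xn-- labels) the resolver sees, via Python's built-in IDNA codec."""
    return domain.encode("idna").decode("ascii")


def skeleton(domain):
    """Map lookalike letters onto the Latin letters they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in normalize(domain))


def analyse(domain):
    """Normalized form, ACE form, lookalike characters and a per-label mixed-script flag."""
    norm = normalize(domain)
    report = {
        "normalized": norm,
        "ascii": to_ascii(norm),
        "lookalikes": [(ch, f"U+{ord(ch):04X}", unicodedata.name(ch))
                       for ch in norm if ch in CONFUSABLES],
        "mixed_script": False,
    }
    for label in norm.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            report["mixed_script"] = True
    return report


def impersonates(domain, brand):
    """True when the domain is not the brand byte-for-byte but collapses to it
    once lookalikes are mapped back to Latin."""
    return normalize(domain) != brand and skeleton(domain) == brand


if __name__ == "__main__":
    for dom, brand in SAMPLES.items():
        r = analyse(dom)
        print(f"{dom:22} -> {r['ascii']:30} mixed={r['mixed_script']!s:5} "
              f"spoofs {brand}: {impersonates(dom, brand)}")
        for ch, cp, name in r["lookalikes"]:
            print(f"    {ch}  {cp}  {name}")
```

Run it directly to print the report. Mixed-script labels are what browser heuristics catch and fall back to the xn-- form for; the all-Cyrillic case shows why brand monitoring should compare skeletons rather than rely on script mixing alone.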


🚨 Real-World Impact

Homoglyph attacks have been used in:

  • Fake login portals for PayPal, financial sites and banks.
  • Malicious ads on search engines ("Sponsored" results).
  • Spoofed emails that appear to come from trusted brands.

Sometimes the difference between a safe login and a stolen account is a single Cyrillic letter.


🛡️ How BrandCat Stops Them

BrandCat automatically scans the web for domains that look visually similar to your brand, even if they use foreign scripts or Unicode tricks.

Our system detects and flags:

  • Homoglyph domains (Cyrillic, Greek, etc.)
  • Typosquats (like "Gooogle.com", "ThePayPal.com")
  • Misspelled subdomains and copycat websites
  • Copied landing pages: we also compare the content of the first page, in case someone cloned your entire site to make theirs look like yours.. but more on that in another post 😉

This helps companies catch phishing setups and brand impersonations before they go live.


✅ What You Can Do

  1. Register obvious look-alike domains (defensive registration).
  2. Use an up-to-date browser that falls back to the Punycode (xn--) form for suspicious Unicode domain names instead of rendering the lookalike.
  3. Train your team to inspect URLs carefully.
  4. Monitor new domain registrations related to your brand, or let BrandCat do it automatically.

✍️ Final Thoughts

Next time you see a familiar domain, look twice.
Your brain might see "Google", but Unicode might be showing you something entirely different.