A homoglyph domain uses characters that look identical or nearly identical to characters in a trusted name. The letters may come from different writing systems or use Unicode forms that are difficult to distinguish in a browser, message or mobile display. ICANN describes homograph spoofing as exploiting the visual resemblance of characters and symbols.
The CyberRiskEvaluator Typosquatting Domain Evaluator can support the broader search for deceptive domain variations. Homoglyph analysis adds a visual and internationalized-domain perspective that ordinary keyboard-typo generation may miss.
Identify plausible lookalikes, inspect the exact character representation and treat every result as an investigation lead rather than a verdict.
Check a DomainA homoglyph is a character that resembles another character. A homograph attack uses visually similar strings to create confusion. Internationalized Domain Names allow non-ASCII characters, while Punycode is the ASCII-compatible representation commonly beginning with “xn--” for an internationalized label.
IDNs are legitimate and important for global language access. The security issue is not the existence of Unicode domains; it is the deceptive use of characters or scripts to imitate another identity.
Attackers do not need internationalized characters to create confusion. Lowercase “l,” uppercase “I,” the number “1,” the letter “o,” the number “0,” and combinations such as “rn” versus “m” can look similar in certain fonts.
This means a mature lookalike review should consider ASCII substitutions, font rendering, mobile truncation and the surrounding URL—not only mixed-script IDNs.
Take care when copying from formatted documents because applications may normalize or visually transform characters. Preserve the original message or file for evidence.
Browsers and registries apply various display and registration policies, but no interface can remove every deceptive possibility. A domain may use a same-script lookalike, a non-IDN spelling trick or a misleading subdomain that remains visually persuasive.
Encourage users to navigate through bookmarks, password managers and known portals instead of clicking unsolicited login links. Password managers are particularly useful because they match credentials to the exact saved origin rather than the logo displayed on a page.
The number of possible Unicode and visual substitutions can become enormous. Focus on candidates that are registered, active, observed in messages, associated with email, or closely aligned with a valuable process.
ICANN material has noted that IDN homograph risk should be kept in perspective relative to the wider universe of misleading domains. Do not let exotic possibilities distract from more common misspellings, added words and compromised legitimate sites.
Block confirmed deceptive domains, report abuse with evidence and investigate user interaction. For important brands, consider monitoring both Unicode display forms and ASCII/Punycode representations.
Publish official domains, use phishing-resistant authentication and reduce reliance on clicked links for sensitive workflows. The goal is not to make every user a Unicode expert; it is to design systems that remain safe when visual inspection fails.
It is a domain containing characters that visually resemble those in another domain, potentially causing users to confuse the two.
Punycode is an ASCII-compatible representation used for internationalized domain labels and often appears with the prefix xn--.
No. IDNs support legitimate languages and users worldwide. Risk arises when visually similar characters are used deceptively.
Yes. Characters and combinations within the Latin alphabet and numbers can also appear similar in certain fonts.
Inspect the exact registrable domain, view its Punycode representation, compare characters and scripts, and use passive technical evidence before visiting it.
Discover plausible typo, lookalike and impersonation domains around a trusted web address, then prioritize the candidates that deserve investigation.
Analyze Your DomainThe following external resources provide additional context on typosquatting, adversary-owned domains, impersonation and internationalized-domain homographs.
Content reviewed on 14 July 2026. Domain similarity is not proof of malicious intent. Legal disputes should be reviewed by qualified counsel, and suspicious infrastructure should be investigated through approved security procedures.