How Homoglyph Attacks Deceive Internet Users
[One for the hackers out there. Yes, but the deeper you go into the origins of this term, the clearer becomes its potential as a brand with wider appeal. It’s a gorgeous word even if you didn’t know the meaning, but let’s dig into the meaning of the word to help make the brand proposition a little clearer..
The term ‘homoglyph’ is of Greek origin, stemming from the earliest writings of Western civilization, where books were laboriously copied out by hand. It basically means a character that appears almost identical to another character.
In writing, this typically translates to a letter that looks like another letter, but the term is also used in architecture to refer to any kind of mark (a line etched into a facade, a symbol carved on a door).
How does a H0m0glYpН work?
Hack-minded actors take advantage of such similarities to trick internet users into visiting a more ‘artisanal’ version of a well-known site, syphoning off traffic and engagement intended for the authentic version of the website.
As regards the mechanics of how this works, let’s first take an example of a homoglyph..
The English letter ‘а’ and the Russian Cyrillic letter ‘а’. Given the font used to publish this text you’re reading and our ‘pair’ selection, you should be able to discern a slight difference between the English letter and its Russian homoglyph.
Spotting them is really quite a tricky business and there are far harder tо detect homoglурhs out there. In fact, the last sentence contains three homoglyph ‘pairs’, with the alternate Cyrilic script letter in each drawn from: Macedonian, Ukrainian and Mongolian.]
Talking about infinitesimals
Taking the above example, the English ‘a’ is just a little squatter than its taller, ever so slightly more elegant Eastern European counterpart. The Russian print is also touch thinner, and the teensiest bit more scrawling by comparison. But as you can(not) see, we’re really talking about infinitesimals here. If we’ve managed to distinguish difference, it may be because we’ve spent the past minute talking a closer look.
But as internet users, we rarely dedicate this much time to such things. We give a domain name just a blink of an eye. We look, click/skip..
The Amazon Test
How about this domain name then: amazon.com?
If seen outside the context of this article, would you be likely to click? Do you think you’d spot what’s up in that instant when you are being redirected to the site?
Can you tell which of the letters ‘a’ in ‘amazon’ is the Russian one?
Yes? You caught it?
Now how about amаzon.com? See which one has been switched out in that one?
Homoglyph Attacks: Ripping off the Original
Such a dodgy move is known as a ‘homoglyph attack’. And because there are so many different languages from you which you can create a domain name, these Internationalized Domain Names (IDNs) are used to trick users into believing they have visited a popular site.
Efforts to deceive in this way can be augmented by using the same template as the original site and even consistently updating the content site in line with changes made to the original. It may look, smell and even taste like your brand, but it is but an elaborate ripoff of the original.
If domains, are digital real estate, visiting a simple homoglyph trick site is falling asleep on the flight and land in a dark and wintery Newcastle, UK rather than the bright Newcastle, Australia. Whereas visiting a shrewdly crafted replica site is to fly through the multiverse and land somewhere that looks as you’d expect, with no reason for you to think otherwise. (Who knows, maybe it happened to you the last flight you took!)
Avoid placing a question mark over your brand
If you’re a big player, you likely get such savvy swipe sites shut down pretty quickly, but new language scripts regularly become available to use in your domain name, and it’s really an ongoing battle.
It also forces you to think about the broader issues of branding off a substandard domain name.
While owning the exact match of your brand in the most relevevant extension for your niche will not ward off homoglyph attacks, not owning it will naturally carry a certain risk. A risk that is part brand defensive and part technical defensive. Because if there’s already a little question mark in the user’s mind over which exact URL is yours, this affords would-be tricksters and wannabes a tiny little pinhole portal into the user activity. A tiny hold into your branding space.
And, as noted, all one needs are infinitesimals.
Russian Ball Bearings
Entering into this mindset also helps firms understand why even the slightest difference in a domain name can make or break you. One letter can stand between you and untold glory and riches!
When you first start domaining, you also don’t fully get it. You are necessarily strict with your acquistions, but sometimes you’ll let a domain slip into your portfolio simply because it’s ‘good enough’ or worth a try. Which it nearly always is not.
Even if there was no company or brand history attached, amazon.com would be at least a 7-figure name. Whereas amxzon.com, amazxn.com should be binned at the earliest opportunity.
For both the buyer and the seller of a domain, one letter can stand between you and untold glory and riches!
In the months following the invasion of Ukraine, trains across the length and breadth of Russia were grinding to a halt — because they didn’t have enough ball bearings to remain operational.
Hugely complex, hulking machines made of thousands of components of metal, plastic, glass and everything besides. Parked in the terminals of the most vast overland transport network ever created by a single country.