The Homograph Illusion Not Everything Is As It Seems #1191
Merged
🤖 Automated Content Update
This PR was automatically generated by the HackTricks News Bot based on a technical blog post.
📝 Source Information
🎯 Content Summary
Executive Summary
Since the inception of email, homograph attacks have been a prevalent method of initial access and malware distribution. Attackers replace Latin characters with visually identical non-Latin Unicode homoglyphs—such as Greek Η (U+0397) for ‘H’ and Cyrillic о (U+043E) for ‘o’—to evade automated filters and deceive users by fabricating legitimate-looking display names, subjects, headers and URLs. Wha...
🔧 Technical Details
Homograph Substitution Attack:
Non-Latin Unicode homoglyphs from scripts like Cyrillic (e.g., 'а' U+0430), Greek (e.g., 'Η' U+0397), Armenian (e.g., 'Տ' U+054F) or Cherokee (e.g., 'Ꭲ' U+13A2) replace Latin letters in display names, subjects and domains to bypass content filters and visually impersonate trusted entities.
Multi-Stage Phishing Chain with Custom CAPTCHA and OTP:
Attackers craft emails with homograph-manipulated names and subjects, e...
🤖 Agent Actions
Added in-depth coverage of Unicode homograph/homoglyph phishing techniques:
Created new file:
• src/generic-methodologies-and-resources/phishing-methodology/homograph-attacks.md
– Explains technique, Unicode ranges, detection logic with Python examples, mitigation steps, and real-world case studies.
– Includes reference section with Unit42 blog and related resources.
Updated existing Phishing Methodology page:
• Inserted cross-reference link right after the “Homoglyph” bullet under Domain Name Variation Techniques so readers can easily access the new detailed guide.
These updates enrich HackTricks with practical detection and mitigation strategies for homograph-based phishing attacks.
✅ Review Checklist
This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.
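A mixed-script check for the homograph substitution described under Technical Details, as an added example that is not part of this PR or of the HackTricks page it creates. It flags tokens in display names, subjects or host names that mix Latin letters with Cyrillic, Greek, Armenian or Cherokee letters, decoding `xn--` labels first. The function names, the name-prefix script heuristic and the sample strings are assumptions constructed for illustration.

```python
import re
import unicodedata

# Latin baseline plus the homoglyph source scripts named in the PR text.
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "CHEROKEE")

def script_of(ch):
    """Heuristic (assumption): take the script from the first word of the
    Unicode character name, since the stdlib exposes no Script property."""
    if not ch.isalpha():
        return None
    first = unicodedata.name(ch, "").split(" ", 1)[0]
    return first if first in SCRIPTS else None

def decode_label(token):
    """Decode an IDNA A-label (xn--...) to Unicode; return other tokens as-is."""
    if token.lower().startswith("xn--"):
        try:
            return token[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return token  # malformed label: inspect the raw form instead
    return token

def suspicious_tokens(text):
    """Return (token, {script: ["ch U+XXXX", ...]}) for every token that
    mixes Latin letters with letters from another tracked script."""
    findings = []
    for raw in re.split(r"[\s.@/:<>]+", text):
        token = decode_label(raw)
        by_script = {}
        for ch in token:
            script = script_of(ch)
            if script:
                by_script.setdefault(script, []).append(f"{ch} U+{ord(ch):04X}")
        if "LATIN" in by_script and len(by_script) > 1:
            findings.append((token, by_script))
    return findings

if __name__ == "__main__":
    # Constructed samples: Greek Eta in a display name, Cyrillic 'a' in a host label.
    host = "xn--" + "p\u0430ypal".encode("punycode").decode("ascii")
    for sample in ("\u0397elp Desk <support@example.com>", f"https://{host}.example/login"):
        for token, scripts in suspicious_tokens(sample):
            print(repr(token), scripts)
```

A token written entirely in one non-Latin script is not flagged by this check, so it complements rather than replaces a confusables comparison against known brand names.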