Web application developer Xudong Zheng is sounding the alarm about a new and particularly hard-to-spot kind of phishing attack. It takes advantage of a feature in Chrome, Firefox and Opera that enables the browsers to use foreign characters in domain names. So, for example, https://www.xn--80ak6aa92e.com/ looks like https://www. аpple.com in the browser bar. “It may not be obvious at first glance, but ‘аpple.com’ uses the Cyrillic ‘а’ (U+0430) rather than the ASCII ‘a’ (U+0061),” Zheng writes. “This is known as a homograph attack.”
Zheng set up a proof-of-concept site to demonstrate how phishing attackers could have used the technique to send visitors to a malicious site.
Microsoft Edge and Internet Explorer are not susceptible to the technique because they do not have support for Cyrillic languages. Apple’s Safari browser is also immune.
The original home of HTML tutorials. HTMLGoodies is a website dedicated to publishing tutorials that cover every aspect of being a web developer. We cover programming and web development tutorials on languages and technologies such as HTML, JavaScript, and CSS. In addition, our articles cover web frameworks like Angular and React.JS, as well as popular Content Management Systems (CMS) that include WordPress, Drupal, and Joomla. Website development platforms like Shopify, Squarespace, and Wix are also featured. Topics related to solid web design and Internet Marketing also find a home on HTMLGoodies, as we discuss UX/UI Design, Search Engine Optimization (SEO), and web dev best practices.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
