Chances are you haven’t heard of the term “homograph attack,” but it refers to a cyberthreat that can easily result in your becoming a victim of identity theft or a scam. A homograph attack is a type of cyber attack in which attackers exploit look-alike characters, often from different alphabets, to create misleading domain names, usernames, or URLs that appear legitimate but actually lead to malicious sites. Homograph attacks have been around since the early 2000s, but have increased dramatically since 2020, when the federal government first warned about them. The attack starts with an email from what appears to be a legitimate source, such as your bank, informing you of an emergency requiring you to either click on a link or provide personal information.
Homograph attacks exploit similarities between the Roman alphabet used in the English language and the Cyrillic alphabet developed for Slavic-speaking people, which is used in more than 50 languages, including Russian. In the example below, the real email address uses the Roman “a,” while the second, phony email address uses the Cyrillic version, which is easy to miss. Similarly, without even changing the alphabet, some scammers will replace a lowercase L (“l”) with the number “1,” which can also be easily missed.
Recently, scammers have been sending phishing emails posing as Microsoft and using the email address rnicrosoft.com, which at first glance appears legitimate, but instead of the letter “m” at the start of the email address it uses the letters “r” and “n,” which give the appearance of an “m.”
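As an added example that is not part of the original post, here is one way a mail filter could flag the three substitutions described above (a Cyrillic letter in place of a Roman one, “1” for “l,” and “rn” for “m”) by comparing a sender's domain against domains you actually deal with. The allow-list, the fold table and the function names are assumptions made for this illustration.

```python
import unicodedata

# Constructed allow-list: domains this mailbox legitimately hears from.
TRUSTED = {"microsoft.com", "paypal.com"}

# Constructed, deliberately small fold table for the swaps described above;
# the full data set is Unicode's confusables list (UTS #39).
FOLD = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
        "\u0441": "c", "\u0443": "y", "\u0445": "x",   # Cyrillic look-alikes
        "1": "l", "0": "o"}                             # digit-for-letter swaps

def sender_domain(address):
    """Lower-cased domain of an address; punycode (xn--) is decoded to Unicode."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid punycode

def mixed_script(domain):
    """True if any single label mixes letters from more than one script."""
    for label in domain.split("."):
        scripts = {unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in label if ch.isalpha()}
        if len(scripts) > 1:
            return True
    return False

def skeleton(domain):
    """Fold look-alike characters so visually similar domains compare equal."""
    folded = "".join(FOLD.get(ch, ch) for ch in domain)
    return folded.replace("rn", "m")

# Both sides are folded, so a trusted name that itself contains "rn" still matches.
TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED}

def check_sender(address):
    """Return (verdict, imitated_domain, mixed_script_flag) for a sender address."""
    domain = sender_domain(address)
    if domain in TRUSTED:
        return ("trusted", None, False)
    imitated = TRUSTED_SKELETONS.get(skeleton(domain))
    mixed = mixed_script(domain)
    if imitated or mixed:
        return ("suspicious", imitated, mixed)
    return ("unknown", None, False)
```

An “unknown” verdict only means the domain does not resemble anything on the allow-list; it is not a statement that the sender is safe.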
TIPS
Remember my motto, “trust me, you can’t trust anyone.” You have to be skeptical whenever you receive an email or text message asking for personal information or requesting you to click on a link because you can never be sure if the communication is legitimate or not at initial viewing. Always absolutely confirm whether the communication is legitimate before ever providing personal information or clicking on a link that could contain harmful malware. Phishing emails will always make it appear that there is an emergency to which you must respond immediately, but it is important to take your time to make sure that the communication is legitimate before responding.
Also, don’t rely on your security software to totally protect you. While it is critical to have good security software on all of your devices and to keep it up to date with the latest updates, even the most updated security software will not protect you from malware that exploits zero-day defects, which are software vulnerabilities not yet discovered. It generally takes the security software companies about a month to come up with defenses against the latest strains of malware.