Security Tip of the Week

Security Tip of the Week - Homoglyph and Unicode Phishing Scams

  • Comments: 0
  • Posted by: Michaela Kunkler

In a recent scam, cybercriminals are taking advantage of homoglyphs and Unicodes in phishing emails to imitate legitimate organizations.

Keller Schroeder Security Solutions Group Logo

You may be wondering what homoglyphs and Unicodes are. Homoglyphs are letters or characters that look similar. For example, the character “e” looks similar to the character “ė”. Unicode is a unique code assigned to characters so that any platform or program can understand them. For example, the Unicode for “e” is U+0065, and the Unicode for “ė” is U+0117. Now, cybercriminals are taking advantage of homoglyphs and Unicodes in phishing emails to imitate legitimate organizations.

In a recent scam, cybercriminals send you an email that uses homoglyphs and Unicode to offer you a fake promotion. The email includes a link to log in to receive your promotion. For example, to make the email look more legitimate, cybercriminals could send the email using “N□ėt□fli□ⅹ.com” as the sender. The □ symbol indicates a Unicode character that is not supported in your internet browser, but your browser will automatically omit these unsupported characters when displaying text. In this example, the sender’s email address would display as “Nėtfliⅹ.com”. If you don’t notice the spoofed domain and enter your login credentials, cybercriminals can access your account and steal your sensitive information.

Follow the tips below to stay safe from homoglyph and Unicode scams:

  • Even if the sender’s email address appears to be from a trusted domain, the email could be fake. This technique can be used to impersonate any organization, brand, or even a person.
  • When you receive an email, stop and look for red flags. For example, watch out for text with odd spacing or characters that look strange.
  • Never click a link in an email that you aren’t expecting. If the email claims that you need to log in to your account, log in to the organization’s website directly to verify any offers or promotions.

Stop, Look, and Think. Don’t be fooled.


KnowBe4 Logo - Keller Schroeder Vendor Partner

KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.


DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.