{"id":10354,"date":"2026-03-31T07:10:48","date_gmt":"2026-03-31T07:10:48","guid":{"rendered":"https:\/\/www.quickheal.co.in\/knowledge-centre\/?p=10354"},"modified":"2026-03-31T11:50:05","modified_gmt":"2026-03-31T11:50:05","slug":"homoglyph-attacks-how-lookalike-characters-are-exploited-for-cyber-deception","status":"publish","type":"post","link":"https:\/\/www.quickheal.co.in\/knowledge-centre\/homoglyph-attacks-how-lookalike-characters-are-exploited-for-cyber-deception\/","title":{"rendered":"Homoglyph Attacks: How Lookalike Characters Are Exploited for Cyber Deception"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"10354\" class=\"elementor elementor-10354\">\n\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e6b5a32 e-flex e-con-boxed e-con e-parent\" data-id=\"e6b5a32\" data-element_type=\"container\" data-settings=\"{&quot;content_width&quot;:&quot;boxed&quot;}\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e6a578f elementor-widget elementor-widget-text-editor\" data-id=\"e6a578f\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.16.0 - 17-10-2023 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<div class=\"single-post-content\">\n<h3><u>Table of Contents<\/u><\/h3>\n<ul>\n<li>Introduction<\/li>\n<li>What is a Homoglyph Attack?<\/li>\n<li>Practical Homoglyph Confusable\n<ul>\n<li>Practical Homoglyph Confusable Table<\/li>\n<\/ul>\n<\/li>\n<li>Why Homoglyph Attacks Are Effective<\/li>\n<li>Common Homoglyph Use Cases and Attack Vectors<\/li>\n<li>Real-World Examples and Campaign Patterns<\/li>\n<li>Technical Deep Dive \u2014 Unicode, IDNs, and Punycode\n<ul>\n<li>Unicode and Scripts<\/li>\n<li>IDNs and Punycode<\/li>\n<li>Mixed Scripts and Confusable<\/li>\n<\/ul>\n<\/li>\n<li>Attack Flow \u2014 Step-by-Step<\/li>\n<li>Why Detection Can Fail \u2014 Subtle Technical Pitfalls<\/li>\n<li>MITRE ATT&amp;CK Mapping (High-Level)<\/li>\n<li>Defensive Measures and Operational Recommendations\n<ul>\n<li>Policy and Governance<\/li>\n<li>Technical Controls<\/li>\n<li>Operational Practices<\/li>\n<\/ul>\n<\/li>\n<li>Best-Practice Checklist<\/li>\n<li>Emerging Trends to Watch<\/li>\n<li>Conclusion<\/li>\n<\/ul>\n<h3>Introduction<\/h3>\n<p>You glance at a URL, see a familiar brand name, and click \u2014 only to hand your credentials to an attacker. That tiny visual mistake (an \u201co\u201d that\u2019s actually a Greek omicron, a lowercase \u201cl\u201d replaced by a capital \u201cI\u201d) is exactly what homoglyph attacks exploit. Homoglyphs are visually similar characters from different character sets (Latin, Cyrillic, Greek, full-width forms, etc.). When attackers swap characters in domains, filenames, message display names, or code, humans \u2014 and often automated defences \u2014 are fooled.<\/p>\n<p>Homoglyph attacks are a low-cost, high-impact deception technique. They are used for phishing, brand impersonation, malware distribution, supply-chain confusion, and bypassing simplistic detection rules. This blog explains the technical mechanics (Unicode, IDNs, Punycode), how attackers operationalize homoglyphs, detection and hunting approaches, real-world usage patterns, MITRE mapping, and practical defences \u2014 including how layered protections like Quick Heal \/ Seqrite help.<\/p>\n<h3>What is a homoglyph attack?<\/h3>\n<p>A homoglyph is a character that looks like another character. For example:<\/p>\n<ul>\n<li>Latin a (U+0061) vs Cyrillic \u0430 (U+0430)<\/li>\n<li>Latin o (U+006F) vs Greek \u03bf (omicron, U+03BF)<\/li>\n<li>Latin I (capital i, U+0049) vs lowercase l (ell, U+006C) vs Cyrillic \u0406 (U+0406)<\/li>\n<\/ul>\n<p>A homoglyph attack replaces one or more characters in an identifier (domain, filename, email display name) with visually confusable alternatives to impersonate a trusted resource. When used in Internationalized Domain Names (IDNs), these domains are represented in ASCII using Punycode (the xn-- prefix) but often rendered in browsers using the original Unicode characters \u2014 giving an authentic-looking URL to users.<\/p>\n<h3><em style=\"\">A quick Punycode example (conceptual, anonymized):<\/em><\/h3>\n<p>Displayed domain:&nbsp; g\u03bfogle-example[.]com&nbsp;&nbsp;&nbsp; (Greek omicron used instead of Latin \u2018o\u2019)<\/p>\n<p>Punycode (ASCII):&nbsp; xn--gogle-example-abc[.]com<\/p>\n<h3>Practical Homoglyph Confusable<\/h3>\n<p>Homoglyph attacks exploit visually similar characters from different language scripts such as Latin, Cyrillic, and Greek. These lookalike letters can deceive users, spoof trusted domains, and even bypass some automated filters.<\/p>\n<p>Below is a quick reference showing commonly abused homoglyph pairs seen in phishing and impersonation campaigns.<\/p>\n<h3>Practical Homoglyph Confusable Table<\/h3>\n<table width=\"99%\">\n<tbody>\n<tr>\n<td width=\"7%\"><strong>Visual<\/strong><\/td>\n<td width=\"20%\"><strong>Legitimate Character<\/strong><\/td>\n<td width=\"22%\"><strong>Lookalike(s)<\/strong><\/td>\n<td width=\"17%\"><strong>Script<\/strong><\/td>\n<td width=\"31%\"><strong>Common Use in Attacks<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">a<\/td>\n<td width=\"20%\">a (U+0061)<\/td>\n<td width=\"22%\">\u0430 (U+0430)<\/td>\n<td width=\"17%\">Cyrillic<\/td>\n<td width=\"31%\">\u201cpayp\u0430l\u201d, \u201cf\u0430cebook\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">e<\/td>\n<td width=\"20%\">e (U+0065)<\/td>\n<td width=\"22%\">\u0435 (U+0435)<\/td>\n<td width=\"17%\">Cyrillic<\/td>\n<td width=\"31%\">\u201cm\u0456crosoft\u201d, \u201ct\u0435sla\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">o<\/td>\n<td width=\"20%\">o (U+006F)<\/td>\n<td width=\"22%\">\u03bf (U+03BF), \u043e (U+043E)<\/td>\n<td width=\"17%\">Greek \/ Cyrillic<\/td>\n<td width=\"31%\">\u201cg\u03bfogle\u201d, \u201cmicros\u03bfft\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">i<\/td>\n<td width=\"20%\">i (U+0069)<\/td>\n<td width=\"22%\">\u0131 (U+0131), \u0406 (U+0406)<\/td>\n<td width=\"17%\">Turkish \/ Cyrillic<\/td>\n<td width=\"31%\">\u201cinst\u0430gram\u201d, \u201cm\u0456crosoft\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">l<\/td>\n<td width=\"20%\">l (U+006C)<\/td>\n<td width=\"22%\">I (U+0049)<\/td>\n<td width=\"17%\">Latin<\/td>\n<td width=\"31%\">\u201cgoogIe\u201d, \u201cmicros0ft\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">c<\/td>\n<td width=\"20%\">c (U+0063)<\/td>\n<td width=\"22%\">\u0441 (U+0441)<\/td>\n<td width=\"17%\">Cyrillic<\/td>\n<td width=\"31%\">\u201cfa\u0441ebook\u201d, \u201cmi\u0441rosoft\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">p<\/td>\n<td width=\"20%\">p (U+0070)<\/td>\n<td width=\"22%\">\u0440 (U+0440)<\/td>\n<td width=\"17%\">Cyrillic<\/td>\n<td width=\"31%\">\u201c\u0440\u0430ypal\u201d, \u201cdro\u0440box\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">s<\/td>\n<td width=\"20%\">s (U+0073)<\/td>\n<td width=\"22%\">\u0455 (U+0455)<\/td>\n<td width=\"17%\">Cyrillic<\/td>\n<td width=\"31%\">\u201cmicro\u0455oft\u201d, \u201c\u0455lack\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">y<\/td>\n<td width=\"20%\">y (U+0079)<\/td>\n<td width=\"22%\">\u0443 (U+0443)<\/td>\n<td width=\"17%\">Cyrillic<\/td>\n<td width=\"31%\">\u201c\u0443ahoo\u201d, \u201c\u0440\u0430ypal\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">x<\/td>\n<td width=\"20%\">x (U+0078)<\/td>\n<td width=\"22%\">\u0445 (U+0445)<\/td>\n<td width=\"17%\">Cyrillic<\/td>\n<td width=\"31%\">\u201c\u0445box\u201d, \u201clin\u03c5x\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">d<\/td>\n<td width=\"20%\">d (U+0064)<\/td>\n<td width=\"22%\">\u0501 (U+0501)<\/td>\n<td width=\"17%\">Cyrillic<\/td>\n<td width=\"31%\">\u201cclou\u0501flare\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">h<\/td>\n<td width=\"20%\">h (U+0068)<\/td>\n<td width=\"22%\">\u04bb (U+04BB)<\/td>\n<td width=\"17%\">Cyrillic<\/td>\n<td width=\"31%\">\u201c\u04bbbo\u201d, \u201c\u04bbulu\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">n<\/td>\n<td width=\"20%\">n (U+006E)<\/td>\n<td width=\"22%\">n (U+0578)<\/td>\n<td width=\"17%\">Armenian<\/td>\n<td width=\"31%\">\u201cli\u043fkedin\u201d, \u201camazo\u043f\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">m<\/td>\n<td width=\"20%\">m (U+006D)<\/td>\n<td width=\"22%\">rn (sequence)<\/td>\n<td width=\"17%\">Latin (visual trick)<\/td>\n<td width=\"31%\">\u201crnicrosoft\u201d instead of \u201cmicrosoft\u201d<\/td>\n<\/tr>\n<tr>\n<td width=\"7%\">0<\/td>\n<td width=\"20%\">0 (digit zero)<\/td>\n<td width=\"22%\">O (U+004F), \u043e (U+043E)<\/td>\n<td width=\"17%\">Latin \/ Cyrillic<\/td>\n<td width=\"31%\">\u201cmicr0soft\u201d, \u201cg00gle\u201d<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Why homoglyph attacks are effective?<\/h3>\n<ol>\n<li><strong>Human perception:<\/strong> People evaluate URLs visually and are poor at spotting subtle character differences.<\/li>\n<li><strong>Display vs. storage mismatch:<\/strong> Systems may store ASCII (Punycode) but display Unicode, introducing confusion.<\/li>\n<li><strong>Policy\/allowlist gaps<\/strong>: Allowlisting based on visible strings (without normalization) can miss IDN-based lookalikes.<\/li>\n<li><strong>Certificate and hosting availability:<\/strong> Attackers can obtain TLS certs for lookalike domains (Let\u2019s Encrypt and similar), raising perceived legitimacy.<\/li>\n<li><strong>Automation gaps:<\/strong> Many security pipelines don\u2019t normalize Unicode or run mixed-script detection, so homographs slip through.<\/li>\n<\/ol>\n<h3>Common homoglyph use cases and attack vectors<\/h3>\n<ul>\n<li><strong>Spear-phishing &amp; credential harvesting:<\/strong> Phishing emails contain links to lookalike domains that host credential-collection forms.<\/li>\n<li><strong>Business Email Compromise (BEC):<\/strong> Invoice\/payment scams where the sender\u2019s display name or a domain in an invoice looks correct but contains homoglyphs.<\/li>\n<li><strong>Malvertising \/ malware distribution:<\/strong> Executables and updates are hosted on lookalike domains to trick analysts and sandboxes.<\/li>\n<li><strong>Username\/display name spoofing:<\/strong> On Slack\/Teams\/Email, attackers register accounts where the display name uses homoglyphs to impersonate coworkers.<\/li>\n<li><strong>Supply-chain &amp; developer confusion:<\/strong> Package names, repo names, or variable identifiers with lookalike characters cause devs to pull malicious code or execute wrong binaries.<\/li>\n<\/ul>\n<h3>Real-world examples and campaign patterns<\/h3>\n<p>To stay actionable and responsible, the following are anonymized patterns and publicly reported behaviours (no brand finger-pointing):<\/p>\n<ul>\n<li><strong>Finance-targeted phishing:<\/strong> Campaigns register lookalike domains of payment portals with mixed Latin\/Cyrillic characters, host credential forms, and send follow-ups to improve success.<\/li>\n<li><strong>SaaS impersonation:<\/strong> Attackers registered IDNs visually identical to a popular SaaS login page to harvest credentials, often pairing the domain with a valid TLS certificate and a convincing HTML login form.<\/li>\n<li><strong>Executive impersonation in BEC:<\/strong> Display names in email clients (or slight domain modifications) are used to request urgent transfers; perpetrators rely on users not inspecting the actual return-path domain.<\/li>\n<li><strong>Malware distribution via lookalike downloads sites:<\/strong> Fake download portals (e.g., for installers) hosted on homoglyph domains to push malicious payloads that sandbox detonation misses because domain reputation is new.<\/li>\n<\/ul>\n<h3>Technical deep dive \u2014 Unicode, IDNs, and Punycode<\/h3>\n<h3>Unicode and scripts<\/h3>\n<p>Unicode is a comprehensive character set that includes many scripts (Latin, Cyrillic, Greek, Armenian, Hebrew, Arabic, etc.). Many glyphs across different scripts look similar or identical at typical font sizes.<\/p>\n<h3>IDNs and Punycode<\/h3>\n<p>The Domain Name System (DNS) historically supports only ASCII. To allow non-ASCII names, IDNA (Internationalized Domain Names in Applications) employs Punycode \u2014 an ASCII-compatible encoding prefixed by xn--. For example, \u043f\u0440\u0438\u043c\u0435\u0440 (Cyrillic) becomes xn--e1afmkfd.<\/p>\n<p>Browsers decide whether to display the Unicode form or the Punycode form based on heuristics. If a domain uses characters from a single script and that script matches the user\u2019s locale, browsers often display the Unicode string \u2014 which is visually deceptive for someone used to Latin characters.<\/p>\n<h3>Mixed scripts and confusable<\/h3>\n<p>Attackers often use mixed-script domains, combining Latin letters with a few Cyrillic or Greek characters in positions that are visually sensitive (brand name core, domain label start\/end).<\/p>\n<p>Technical mechanics that matter for detection:<\/p>\n<ul>\n<li>Normalization forms (NFC, NFD, NFKC) change canonical decomposition\/composition and affect string comparisons.<\/li>\n<li>Confusables tables (Unicode consortium) list visually confusable characters; defenders can use these for fuzzy matching.<\/li>\n<li>BIDI (bidirectional) controls can reverse text rendering (\\u202E), used by attackers to obfuscate filenames or display names.<\/li>\n<\/ul>\n<h3>Attack flow \u2014 step-by-step<\/h3>\n<ol>\n<li><strong>Recon &amp; Branding<\/strong>: Attacker gathers brand names, common subdomains, and localized scripts used by the target.<\/li>\n<li><strong>Domain prep:<\/strong> Register homoglyph domain(s) via a registrar that accepts IDNs; optionally obtain TLS certs.<\/li>\n<li><strong>Hosting &amp; content:<\/strong> Set up phishing page, download portal, or redirect flows; configure email templates to point to the domain.<\/li>\n<li><strong>Delivery:<\/strong> Send emails, ads, or social messages linking to the homoglyph domain; exploit typical trust cues (logos, similar wording).<\/li>\n<li><strong>Collection &amp; exploitation:<\/strong> Harvest credentials, push malware, monetize via fraud or sale on access markets.<\/li>\n<li><strong>Persistence:<\/strong> Use harvested credentials to expand access or register more lookalike domains to rotate campaigns.<\/li>\n<\/ol>\n<h3>Why detection can fail \u2014 subtle technical pitfalls<\/h3>\n<ul>\n<li><strong>No Unicode normalization:<\/strong> Tools that compare strings directly without Unicode normalization miss matches.<\/li>\n<li><strong>Font\/rendering variance:<\/strong> Some fonts reveal differences (serifs), others hide them (sans-serif at small sizes).<\/li>\n<li><strong>Mixed-script heuristics:<\/strong> Not all filters flag mixed scripts; some legitimacy checks only ensure ASCII.<\/li>\n<li><strong>TLS false sense of security:<\/strong> A valid certificate is not proof of identity; certificate transparency helps but doesn\u2019t block registration patterns.<\/li>\n<\/ul>\n<h3>MITRE ATT&amp;CK mapping (high-level)<\/h3>\n<ul>\n<li>Homoglyph attacks most commonly align with phishing-based initial access, where lookalike domains host credential-harvesting pages.<\/li>\n<li>Attackers rely on open-source intelligence to craft believable impersonation targets and acquire deceptive domains and TLS certificates during the resource-development phase.<\/li>\n<li>Masquerading techniques are used to evade defences, ultimately enabling credential theft, fraud, or broader intrusion activity.<\/li>\n<\/ul>\n<table>\n<tbody>\n<tr>\n<td width=\"148\"><strong>Stage<\/strong><\/td>\n<td width=\"220\"><strong>Technique<\/strong><\/td>\n<td width=\"106\"><strong>ATT&amp;CK ID<\/strong><\/td>\n<td width=\"221\"><strong>Homoglyph relevance<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"148\">Initial Access<\/td>\n<td width=\"220\">Phishing: Spear phishing Link<\/td>\n<td width=\"106\">T1566.002<\/td>\n<td width=\"221\">Lookalike domains host credential pages<\/td>\n<\/tr>\n<tr>\n<td width=\"148\">Reconnaissance<\/td>\n<td width=\"220\">Search Open Websites\/Domains<\/td>\n<td width=\"106\">T1593<\/td>\n<td width=\"221\">OSINT used to craft target-specific homoglyphs<\/td>\n<\/tr>\n<tr>\n<td width=\"148\">Resource Development<\/td>\n<td width=\"220\">Acquire Domain<\/td>\n<td width=\"106\">T1583.001<\/td>\n<td width=\"221\">Register homoglyph domains and TLS certs<\/td>\n<\/tr>\n<tr>\n<td width=\"148\">Defence Evasion<\/td>\n<td width=\"220\">Masquerading \/ Deceptive Naming<\/td>\n<td width=\"106\">T1036<\/td>\n<td width=\"221\">Homoglyphs impersonate trusted names<\/td>\n<\/tr>\n<tr>\n<td width=\"148\">Credential Access<\/td>\n<td width=\"220\">Phishing for Credentials<\/td>\n<td width=\"106\">T1531 \/ T1556<\/td>\n<td width=\"221\">Harvested credentials used for takeover<\/td>\n<\/tr>\n<tr>\n<td width=\"148\">Impact<\/td>\n<td width=\"220\">Data Encrypted for Impact \/ Fraud<\/td>\n<td width=\"106\">T1486 \/ T1490<\/td>\n<td width=\"221\">Initial vector leads to larger intrusions<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Defensive Measures and Operational Recommendations<\/h3>\n<h3>Policy and governance<\/h3>\n<ul>\n<li>Organizations should maintain a formal domain-defence strategy that includes registering common lookalike domains for high-value brands and services.<\/li>\n<li>Clear IDN usage policies should prohibit mixed-script domains in official communications.<\/li>\n<\/ul>\n<h3>Technical controls<\/h3>\n<ul>\n<li>Email gateways and web proxies must normalize Unicode and clearly surface Punycode warnings for suspicious links.<\/li>\n<li>DNS filtering systems should treat newly observed xn-- domains as high risk until reviewed.<\/li>\n<li>Certificate transparency monitoring should alert security teams when certificates are issued for lookalike domains.<\/li>\n<\/ul>\n<h3>Operational practices<\/h3>\n<ul>\n<li>Brand-monitoring programs should track domain registrations and abuse reports in near real time.<\/li>\n<li>Phishing simulations should include realistic homoglyph-based scenarios to improve user awareness.<\/li>\n<li>Incident response playbooks should document takedown workflows, including registrar and hosting provider escalation.<\/li>\n<\/ul>\n<h3>Best-Practice Checklist<\/h3>\n<ul>\n<li>Enforce multi-factor authentication on all sensitive services.<\/li>\n<li>Normalize and inspect all inbound URLs, displaying Punycode when appropriate.<\/li>\n<li>Monitor certificate transparency and passive DNS data for newly registered lookalike domains.<\/li>\n<li>Block or strictly review mixed-script domains.<\/li>\n<li>Run phishing simulations that include homoglyph techniques.<\/li>\n<li>Register defensive domain variations for critical brands.<\/li>\n<li>Require secondary verification for financial or credential-related requests.<\/li>\n<\/ul>\n<h3>Emerging Trends to Watch<\/h3>\n<ul>\n<li>Attackers increasingly automate homoglyph generation and domain registration at scale.<\/li>\n<li>AI-assisted phishing improves the credibility of lures while homoglyph domains host the deception layer.<\/li>\n<li>Homoglyph abuse is expanding into software supply chains through deceptive package and repository names.<\/li>\n<li>Cross-channel impersonation combines homoglyphs with chat platforms and voice cloning to increase trust and success rates.<\/li>\n<\/ul>\n<h3>Conclusion<\/h3>\n<p>Homoglyph attacks demonstrate how minor visual manipulation can lead to major security failures. By exploiting Unicode complexity and human perception, attackers bypass both users and poorly normalized defences.<\/p>\n<p>Effective mitigation requires layered controls: Unicode normalization, confusable matching, mixed-script detection, proactive domain monitoring, and strong user verification processes. When combined, these measures significantly raise the cost and complexity for attackers\u2014turning a simple deception technique into a far less effective threat.<\/p>\n<\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Table of Contents Introduction What is a Homoglyph Attack? Practical Homoglyph Confusable Practical Homoglyph Confusable Table Why Homoglyph Attacks Are Effective Common Homoglyph Use Cases and Attack Vectors Real-World Examples and Campaign Patterns Technical Deep Dive \u2014 Unicode, IDNs, and Punycode Unicode and Scripts IDNs and Punycode Mixed Scripts and Confusable Attack Flow \u2014 Step-by-Step [&hellip;]<\/p>\n","protected":false},"author":19,"featured_media":10359,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"inline_featured_image":false,"footnotes":""},"categories":[42],"tags":[],"class_list":["post-10354","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-stay-digitally-safe"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/posts\/10354"}],"collection":[{"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/comments?post=10354"}],"version-history":[{"count":7,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/posts\/10354\/revisions"}],"predecessor-version":[{"id":10362,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/posts\/10354\/revisions\/10362"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/media\/10359"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/media?parent=10354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/categories?post=10354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/tags?post=10354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}