Way back in 2017, a security researcher created a fake apple.com website where the URL looked completely correct. The trick was that the domain he registered used a unicode character that looks ...

The Cyrillic character for “combining ten millions” can be entered with its Unicode value in Character Viewer. Apple shows variations across fonts below its Unicode label at right.

Cyrillic (Russian alphabet) characters are the most common characters used in IDN homograph attacks, according to research published last month by Farsight Security.

For example, the Cyrillic "a", which has a Unicode number of U+0430, looks exactly like the ASCII "a", or U+0061. It has been possible to register domain names that use those homograph letters.

Cyrillic, zero-width letters and other Unicode oddities allow those with more nefarious intentions to set up a domain that, when rendered, displays as a well-known website.

Attackers can evade a security mechanism and abuse Unicode domains to phish for the login credentials of Chrome, Firefox, and Opera users. Security researcher Xudong Zheng has developed a ...

For example, the letters “a” in the Cyrillic and Latin scripts are visually identical, even though they’re different characters with different Unicode values: U+0430 and U+0061.

His research focused on the use of Unicode characters to represent Cyrillic and Greek alphabets in order to mimic Latin characters and fool users into thinking they’ve landed on a legitimate domain.

The developer used Cyrillic Unicode characters in the extension name allowing the malicious plugins to again sidestep Google’s malware filters.

The domain "аррӏе.com", registered as "xn--80ak6aa92e.com", bypasses the filter by only using Cyrillic characters. You can check this out yourself in the proof-of-concept using Chrome ...