jarvisbox

Phishing Text Checker — Homoglyph Detection

Paste a suspicious URL, sender address, or display name to check for homoglyph substitutions — the technique phishing attackers use to make fake domains and addresses look identical to real ones.

Homoglyph phishing works by replacing one or more ASCII characters in a trusted name with visually identical characters from Cyrillic, Greek, or fullwidth Unicode blocks. The result looks like "amazon.com" but is actually "аmazon.com" (Cyrillic а). Since most email clients and browsers render both identically, users cannot detect the substitution without a codepoint-level tool.

Common phishing homoglyph patterns

How to use the Phishing Text Checker

  1. Open the Homoglyph Detector and paste the suspicious text into the input area — a full URL, email address, or username.
  2. Click Analyze. Any non-ASCII lookalike characters are highlighted by script (red = Cyrillic, orange = Greek, blue = fullwidth) with their exact Unicode codepoints.
  3. If any homoglyphs are found, the text is a potential phishing attempt. Click Clean to see the underlying ASCII version and verify whether it matches the trusted source.

Why traditional anti-phishing tools miss homoglyphs

Spam filters and URL scanners typically operate on string equality or known-bad lists. A homoglyph domain "аmazon.com" is not in any blocklist — it was registered legitimately as a Cyrillic domain. Only codepoint-level Unicode inspection reveals the substitution.

ICANN's Universal Acceptance rules and browser punycode display (xn--...) offer some protection for full IDN domains, but mixed-script strings in email display names, chat messages, and package names receive no such treatment.

Related tools

Reportar un problema con esta herramienta