Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

From Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains

Gauge reading zero day



Security researcher Matt Hamilton (a Bishop Fox alumnus, now with Soluble) published a new security advisory about homograph domain names on gTLDs (.com, .net, etc) as well as subdomains within some SaaS companies using homoglyph characters. The attack is similar to an IDN Homograph attack and presents all the same risks. An attacker could register a domain or subdomain which appears visually identical to its legitimate counterpart and perform social-engineering or insider attacks against an organization.

Hamilton announced that between 2017 and today, more than a dozen homograph domains have had active HTTPS certificates. This included prominent financial, internet shopping, technology, and other Fortune 100 sites.

In a partnership between Soluble and Bishop Fox, Verisign and SaaS services (Google, Amazon, Wasabi, DigitalOcean) were notified of the vulnerability and have received continuous updates on the ongoing research. 

Subscribe to Bishop Fox's Security Blog

Be first to learn about latest tools, advisories, and findings.

Default fox headshot purple

About the author, Bishop Fox

This represents research and content from the Bishop Fox team.

More by Bishop

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.