Homograph attacks and look-alike domains
Some of the most convincing phishing domains aren't misspellings — they're visually identical to the real thing, built from characters in other alphabets.
The trick
Many letters look the same across writing systems. The Latin "a" and the Cyrillic "а" are visually indistinguishable in most fonts, but to a computer they're completely different characters. An attacker can register a domain that looks exactly like a trusted brand while being a totally different address underneath. This is called a homograph (or homoglyph) attack.
How it became possible
Internationalised Domain Names (IDNs) let domains use non-Latin scripts — a genuinely good thing for a global internet. But it also opened the door to mixing scripts so that a malicious domain renders identically to a legitimate one. A famous 2017 demonstration registered an all-Cyrillic domain that displayed as "apple.com" in major browsers.
What to watch for
- Mixed scripts — Latin letters combined with Cyrillic, Greek, or other confusable characters in one name.
- Whole-script swaps — an entire name rendered in a non-Latin script that mimics Latin.
- Invisible characters — zero-width spaces or similar, hidden inside the name.
How this tool helps
When you look up a domain that contains these characters, whoislookuppro flags it with a risk level and explains why. It's a signal to verify — not a verdict — but it surfaces exactly the kind of deception a quick glance would miss. It's most useful when you're checking a domain from an email or link you don't already trust.