Homograph attacks are a way to deceive someone into thinking they're communicating with a legitimate user by using characters that look visually similar to others that aren't in the same character set.
This means someone could use the Cyrillic letter "e" in place of the Latin character "e". For example the usernames below look the same, but are using different characters:
Some spellcheck tools and text editors make these differences more apparent by highlighting the letters or word, but when on a website or display without that functionality it will appear to be the exact same.
Wickr is hoping to prevent this type of spoofing by warning a user that the username contains mixed character sets. eg. Cyrillic vs Latin. You'll see a warning like below when communicating with a user that has mixed characters in their username.
<username> has been flagged for potential spoofing by using mixed encoded
characters in their username. We recommend you verify this user before engaging
in sensitive communications, or block them. Learn more about Homograph Attacks.
We hope this can help identify that someone may be trying to impersonate someone else by using these visually similar characters. Always be sure you're communicating with someone you trust. We'd recommend using the verification feature to prevent this sort of attack, as well as knowing that on Wickr, you cannot message yourself.
Please reach out to firstname.lastname@example.org if you have any questions or feel we can help!
Article is closed for comments.