It's a kind of spoofing attack where a website address looks legitimate but is not because a character or characters have been replaced deceptively with Unicode characters. Homograph attack has been known since 2001, but browser vendors have struggled to fix the problem. There is another proof-of-concept website created by security experts from Wordfence to demonstrate this browsers' vulnerability. If your web browser is displaying ' ' in the address bar secured with SSL, but the content on the page is coming from another server (as shown in the above picture), then your browser is vulnerable to the homograph attack.
' It becomes impossible to identify the site as fraudulent without carefully inspecting the site's URL or SSL certificate.' Xudong Zheng said in a blog post. Okay, then before going to the in-depth details, first have a look at this demo web page ( note: you may experience downtime due to high traffic on demo server), set up by Chinese security researcher Xudong Zheng, who discovered the attack.
