Which attack exploits visually similar characters due to Unicode encoding, making it hard for users to spot?

Homograph attacks hinge on characters that look identical or very similar but come from different scripts in Unicode. Attackers swap in glyphs from Cyrillic, Greek, or other scripts that resemble Latin letters, so a URL, username, or display name appears legitimate while the underlying code points point to something else. That visual similarity makes it easy for users to overlook the difference and interact with the malicious entity, such as a fake domain or profile. This is different from typosquatting, which relies on common misspellings, and from generic impersonation, which doesn’t depend on visually deceptive characters. To defend, rely on browser protections that reveal internationalized domain names in punycode, verify URLs carefully, and watch for homoglyph variants in domains and usernames.