Homoglyph / Lookalike Character Detector

Find visually similar Unicode characters that could be used for phishing.

Free homoglyph detector. Scans text for non-ASCII characters that look like Latin letters or digits — such as Cyrillic а, Greek ο or fullwidth forms — to catch IDN homograph and lookalike spoofing. Runs entirely in your browser. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What is a homoglyph attack?

A homoglyph (or homograph) attack swaps a normal character for a different Unicode character that looks identical, so аpple.com using a Cyrillic а can impersonate apple.com. It is common in phishing domains and fake usernames.

Catch lookalike-character spoofing

Attackers register domains and create usernames that look identical to a trusted name but use a different Unicode character — a Cyrillic а instead of a Latin a, a Greek ο instead of an o, or a fullwidth . This is the basis of the IDN homograph attack. This tool scans your text and flags every non-ASCII character that imitates an ASCII letter or digit, showing which character it is pretending to be and its code point.

How it works

The detector holds a mapping table of well-known confusable characters keyed by the ASCII letter or digit they resemble (for example Cyrillic а U+0430, е U+0435, о U+043E; Greek ο U+03BF, ρ U+03C1; fullwidth forms U+FF21–U+FF5A; and letterlike/math symbols). It walks the input by code point; any character that is not in the ASCII range U+0000U+007F is looked up in the table. A hit is reported as “looks like x”, along with the character’s U+XXXX value so you can confirm exactly what it is. Pure ASCII text produces no flags.

Classic homoglyph substitutions

These are among the most frequently abused in phishing:

Lookalike characterImitatesScriptCode point
аaCyrillicU+0430
еeCyrillicU+0435
оoCyrillicU+043E
οoGreekU+03BF
ρpGreekU+03C1
νvGreekU+03BD
ΙIGreek capitalU+0399
lFullwidthU+FF4C
0FullwidthU+FF10

Real-world example

The string аpple.com looks identical to apple.com in most fonts, but the first character is Cyrillic а (U+0430) rather than Latin a (U+0061). A browser renders this as the Punycode domain xn--pple-43d.com internally, but the visual in the address bar is indistinguishable from the real Apple domain to a casual reader.

This category of attack is called an IDN homograph attack (IDN = International Domain Names). The technique has been used in credential phishing, bank fraud, and corporate impersonation campaigns.

Whole-script substitution

The most dangerous variant is not mixing one fake letter into an ASCII string, but writing the entire word in a different script that happens to look identical to a Latin word. For example, the Russian word “аррle” written entirely in Cyrillic letters could visually match “apple” depending on the font. This tool surfaces every non-ASCII character, making any whole-script substitution immediately visible.

Tips for domain verification

  • When a domain is flagged, check your browser’s address bar for xn--… Punycode — internationalised names are encoded this way internally and the xn-- prefix confirms a non-ASCII domain is in use.
  • Compare against the genuine domain from a trusted bookmark or direct Google search rather than clicking a link.
  • Security teams can use this tool to scan domains in phishing reports or email headers for lookalike substitutions before analysis.

Detection runs entirely in your browser — nothing is uploaded.