How to Spot This Domain Spoofing Scam Before It Hits Your Inbox

Picture this. Your AP specialist receives an email from a long-term supplier requesting to update wiring instructions. The domain looks right, the signature block is perfect, and the logo and wording look normal. But there’s a trick. One character in the sender’s address uses a different alphabet. The payment disappears into a threat actor’s account, and your finance team spends weeks chasing it down. This type of scam is homographic impersonation. While it may sound like a science experiment, homographic impersonation is a type of domain spoofing scam that swaps characters to fool the eye. It’s subtle, scalable, and increasingly automated, perfect for cybercriminals seeking quick payments.

What Is Homographic Impersonation?

Homographic impersonation exploits Unicode, the character set that lets the internet support hundreds of alphabets. Cybercriminals register internationalized domain names (IDNs) that look identical to legitimate domains but use visually similar characters from another script.

Take the image below, for example. To the human eye, these addresses on the left look the same, right? When you view those same addresses in a different font (pictured to the right), the subtle character swap becomes obvious, revealing the scam beneath the surface. One careless click can lead employees to a fake site that steals passwords, plants malware, or reroutes payments.

Why Should Businesses Care?

In today’s rush-and-reply workplace, people skim emails and trust familiar brands. Cybercriminals exploit this information by copying a supplier’s or customer’s address and slipping past our natural defenses. The FBI says scams like this cost U.S. companies billions every year. With an increasing amount of homographic impersonation, it is important to remember:

• Real Money Is at Risk - One tiny letter change can reroute wire transfers, steal payroll info, or plant malware.
• Employees Move Fast - Busy people skim emails. Attackers count on that.
• Brand & Trust - Customers or vendors who fall for a fake link may blame you.

How to Spot a Sneaky Link

Before going click crazy, pause for a minute. Hover over the address and zoom in. Are there extra dots, dashes, or odd-looking letters? These are immediate red flags. If the message pressures you to pay now or update your password, treat that urgency as a warning, not a shortcut. Verify that the link in the call-to-action is legitimate by opening the real web page in a separate browser tab and checking the URL. Finally, glance at the sender’s address. If the display name is correct but the email looks strange, call the contact to confirm before taking action.

Five Simply Smarter Steps to Stay Safe

1. Turn on browser warnings - Most browsers can flag international characters and show the raw Punycode.
2. Buy close-match domains - Own common misspellings of your company and product sites so cybercriminals can’t.
3. Keep security tools current - Modern email filters spot strange letters and quarantine risky messages.
4. Teach the hover habit. - Encourage staff to hover over links and double-check before clicking, especially when money is involved.
5. Set a voice-verify rule - Confirm any sudden change to payment details by phone with a known contact.

Homographic impersonation is like a spot-the-difference puzzle with high stakes. One hidden character can be costly, leak data, and hurt your brand. A proactive approach to threat mitigation, whether through an IT security vendor or in-house management, can help properly close Unicode-sized gaps in your defense and shield revenue, reputation, and customers from scams that rely on a single pixel of deception.