Skip to main content

How do scammers use Unicode characters to trick users?

Beyond homoglyphs, Unicode offers: zero-width characters invisible but affecting parsing, right-to-left override changing display direction, combining characters modifying letter appearance, and special whitespace characters.

Techniques: inserting zero-width characters between letters to defeat text matching, using right-to-left marks to reverse URL display, and exploiting font rendering differences across systems.

Email filters increasingly detect Unicode manipulation as a spam signal. Legitimate messages rarely need these tricks. User awareness helps: unexpected Unicode behavior in URLs or addresses suggests deception.