What is IDN homograph spoofing?

IDN homograph attacks use international domain names (IDN) with characters that look identical to ASCII letters. Cyrillic "а" looks exactly like Latin "a" but is a different character, enabling pixel-perfect fake domains.

Example: "аpple.com" with Cyrillic "а" appears identical to "apple.com" but is a completely different domain. Without careful inspection, users can't distinguish them.

Defense: browsers increasingly display IDN domains in punycode (xn--pple-43d.com) when containing mixed scripts. Email clients vary in protection. User awareness that perfect-looking domains can be fake is essential.