
While these two versions of Citi Bank’s website appear to be quite similar at first, upon closer inspection you may notice that the letter “a” is the one thing that sets them apart. The difference here is that the first URL uses a small Latin “a” while the one below it uses a lowercase Cyrillic ‘a”.
Hackers and other cybercriminals often register fake domains that are almost identical to a company’s real website, but with one look-alike character from a different language. Unlike [typosquatting], where hackers prey on those who may have misspelt a site’s address by typing “www.amozon.com” instead of “www.amazon.com”, homograph attacks attract more potential victims as many people still click or tap on a link before checking the URL.
How to stay safe from spoofed URLs
The easiest way to stay safe from these kinds of attacks is to avoid clicking on links when possible. Instead, you should put the name of a site or service you want to visit into a search engine and then scroll down to find a company’s official page since hackers are also now [weaponizing ads] to take users to fake sites. In fact, this problem has gotten so bad that even the [FBI now recommends using an ad blocker].
At the same time, you should start taking a closer look at every link you click on. In [Google] [Chrome], all you need to do is hover over a link and its URL will appear at the bottom left corner of your browser window. To inspect it closer though, you can also copy the web address from a link and paste it into a text editor like Microsoft Word.
Cybercrime is as booming of a business as it’s ever been which is why you should also install the [best antivirus software] onto your computer or even consider upgrading to one of the [best internet security suites] as most give you access to a [password manager] and other useful tools in addition to antivirus software.
Spotting spoofed URLs — especially those that use Cyrllic or other foreign alphabets — can be quite difficult but at least now you’re aware of one of the most popular tools in a hacker’s arsenal.

Hackers often use this clever trick to take you to phishing sites — can you spot it?
These spoofed URLs look quite similar to legitimate ones at first glance
