Homograph attacks

ProtonMail helps users defend against homograph attacks via the link confirmation feature. When this feature is enabled for web, Android, or iOS, ProtonMail will automatically detect possible homograph attacks and display a warning popup.

When you receive this warning, you should attempt to verify whether the email is a phishing attack. If you have any doubt, it’s better to err on the side of caution. Do not open the link. You may also report phishing emails to our team.

What are homograph attacks?

Homograph attacks are a kind of phishing attack in which trusted links are replaced with similar-looking malicious ones. Sometimes these are easily recognizable, such as “protonmall.com” instead of “protonmail.com”. However, these attacks can also be more sophisticated, such as replacing Latin letters with visually indistinguishable Cyrillic or Greek letters.

When a victim clicks on a homograph attack link, they may be taken to a scam web page designed to look like the one they intended to visit, where they are asked to enter their credentials or download malware.
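
The letter-substitution case described above can be checked mechanically. The following Python sketch is an added example, not ProtonMail's own detection code: it decodes punycode labels, flags labels that mix scripts, and flags hostnames that collapse to a trusted domain once lookalike letters are mapped to Latin. The `LOOKALIKES` table, the `TRUSTED` list and the function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately small lookalike table (assumption: a real check
# would use the full Unicode confusables data, not this subset).
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",  # Cyrillic
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",                 # Greek
}
TRUSTED = {"protonmail.com"}  # assumption: domains the user expects to see


def to_unicode(host):
    """Decode punycode (xn--) labels so the check sees the real characters."""
    out = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:  # UnicodeError is a ValueError subclass
                pass  # keep an undecodable label unchanged
        out.append(label)
    return ".".join(out)


def scripts(label):
    """Scripts of the letters in a label, taken from Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}


def check_link(url):
    """Return a list of warnings for the link's hostname (empty list = no finding)."""
    host = to_unicode(urlsplit(url).hostname or "")
    warnings = []
    for label in host.split("."):
        found = scripts(label)
        if len(found) > 1:
            warnings.append(f"mixed scripts in '{label}': {sorted(found)}")
    # Map lookalike letters to Latin and compare against the trusted list.
    skeleton = "".join(LOOKALIKES.get(c, c) for c in host)
    if skeleton in TRUSTED and host not in TRUSTED:
        warnings.append(f"looks like trusted domain '{skeleton}' but is not")
    return warnings
```

A plain-Latin lookalike such as “protonmall.com” passes both checks here; catching it requires a separate comparison, for example edit distance against the trusted list.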