Detect Spoofed Unicode Characters & Homoglyphs Instantly
Visual inspection is useless against modern phishing. Cybercriminals use **Homoglyphs**—characters from foreign scripts (like **Cyrillic** or **Greek**) that look identical to Latin letters—to spoof URLs and messages. This tool acts as a forensic scanner, analyzing the underlying **Code Points** to flag deceptively similar characters that human eyes cannot distinguish.
How to Check for Spoofing
- Paste Your Data: Copy the suspicious URL, email subject, or username into the input box above.
- Auto-Scan: Our algorithm cross-references every character against the **Unicode Confusables Database** to identify script mixing.
- Review Report: View the safety score. Red flags indicate mixed scripts (e.g., a **Cyrillic “а”** hidden inside an English word).
pаypal.com flagged, do not click it. The “a” might be a **Cyrillic Small Letter A** (U+0430), which directs you to a completely different server than the real PayPal (U+0061).
Why Human Eyes Fail
Computers do not see shapes; they see numbers. To a computer, the Latin “a” (`0x61`) and the Cyrillic “а” (`0x0430`) are as different as “A” and “Z”. However, standard fonts render them identically. This vulnerability is known as an **IDN Homograph Attack**. Attackers exploit this to register domains or send emails that look legitimate but contain invisible “imposter” characters. This tool bypasses visual rendering and inspects the raw binary identity of every character.
Visual Inspection vs. Code Point Analysis
| Comparison | Human Eye / Visual | Spoofed Unicode Checker |
|---|---|---|
| Latin ‘a’ vs Cyrillic ‘а’ | Identical | Flagged as Different Scripts |
| Invisible Spaces | Cannot See | Detected (Zero Width Space) |
| Phishing Detection | 0% Reliability | 100% Code Point Accuracy |
Frequently Asked Questions
Q. What are “Confusables”?
**Confusables** are pairs of Unicode characters that look visually similar or identical but belong to different writing systems. The Unicode Consortium maintains a database of these specifically to help prevent security exploits.
Q. Is mixed script always bad?
Not always. Legitimate text often contains mixed scripts (e.g., quoting a Greek phrase in an English sentence). However, a single word mixing Latin and Cyrillic (like “mіcrosoft”) is almost always malicious.