Homoglyph SSID
A network that looks pixel-identical to yours — spelled with letters that aren’t.
What it is
A homoglyph SSID is a network whose name looks identical to one you trust but is spelled with different characters. Unicode contains many characters that render the same as common Latin letters — a Cyrillic “а” looks exactly like a Latin “a,” for example.
Cyrillic а
An attacker names a fake network using these look-alikes. To your eye it’s your network. To the computer it’s a completely different string — which is exactly what lets the attacker run an impersonation without colliding with the real name.
A network that looks pixel-identical to yours — spelled with letters that aren’t.
How attackers do it
The attacker substitutes one or more characters in a trusted SSID with confusable code points: Cyrillic or Greek look-alikes, Arabic-Indic digits, an em-dash in place of a hyphen, or spliced-in zero-width characters that are completely invisible.
Paired with an evil-twin access point, this is a powerful lure — the network name passes a human glance, and a distracted user taps connect.
How we detect it
WifiThreatWatch reduces every nearby network name to a canonical comparison key. It drops invisible format and zero-width characters, normalizes the text, strips combining marks, maps every Unicode digit to ASCII, and applies a curated confusables table for the substitutions normalization doesn’t catch.
When two networks produce the same canonical form but have different raw characters, that’s a look-alike — flagged as a medium-severity alert. It deliberately does not case-fold, because SSIDs are case-sensitive and a difference in capitalization isn’t an attack.
How we stop it
Detection here is about awareness before you connect. WifiThreatWatch warns you that a look-alike of your network is broadcasting nearby — including the invisible-character tricks that no human eye, and most software, would ever notice.
If you do end up connecting to the impostor, the evil-twin and ARP detectors take over, and Active Defense is ready.
ARP Spoofing
An attacker on your network impersonates your router to silently intercept everything you send.
Read more →Evil Twin
A fake access point broadcasts your network’s name to lure your device onto attacker-controlled hardware.
Read more →Rogue Device
A device you never authorized quietly joins your network and gains a foothold on your LAN.
Read more →