Internationalized Domain Names (IDN) - What they are, risks, and safe use tips

Internationalized Domain Names (IDN)

What it is

Internationalized Domain Names (IDN) are website addresses that include non-ASCII characters - like accented letters or scripts such as Arabic, Cyrillic, Chinese, or Hindi. They let people use domains in their native languages instead of being limited to A–Z, 0–9, and hyphens.

Why it matters

IDNs improve accessibility and branding for global users. But they also introduce look-alike risks where different characters appear identical, enabling homograph tricks that mimic trusted domains.

How it works 

  • Your typed name is converted to an ASCII form called Punycode (starts with xn--).

  • Browsers display the human-friendly script if it meets safety rules.

  • Registries set policies to limit mixed scripts and reduce spoofing.

Red flags

  • A familiar site that looks right but shows a strange certificate or region.

  • A URL that copies a brand yet contains characters from multiple scripts.

  • Copy-paste of the address changes to xn--... Punycode unexpectedly.

Prevent it

  • Bookmark important sites and use those bookmarks.

  • Hover to preview links and check the certificate before logging in.

  • Turn on browser settings or extensions that always show Punycode.

  • Use MFA so a fake login cannot steal access on its own.

    Glossary (A–Z)

    All A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

      • Related Articles

      • Phishing

        What it is Phishing is a scam where someone pretends to be a trusted person or service to trick you into giving up passwords, card numbers, or other sensitive data. It shows up in email, texts, social DMs, and look-alike websites. For a quick ...

      • Web Protection

        What it is Web protection is a bundle of tools and settings that keep you safer while you browse. It blocks dangerous sites and downloads, warns about fake logins, filters sketchy links, and helps keep your info private. It can run on your device ...

      • Web Cache Poisoning

        What it is Web cache poisoning is when attackers sneak bad content into a website’s cache. The cache is a “shortcut” server use to make pages load faster for everyone. If it’s poisoned, later visitors get the attacker’s fake version instead of the ...

      • Domain Spoofing

        What it is Domain spoofing is when attackers pretend to be a trusted website or sender by using a look-alike address - think paypaI.com (with a capital “I”), or emails that seem to come from your bank. The goal is to trick you into entering ...

      • Data Breach Prevention

        Why it matters Breaches drain money, trust, and time. Strong basics turn scary “what ifs” into non-events: a phish gets ignored, a stolen password is useless, a lost laptop holds only encrypted gibberish. The short, smart checklist MFA everywhere: ...