What it is
Internationalized Domain Names (IDN) are website addresses that include non-ASCII characters - like accented letters or scripts such as Arabic, Cyrillic, Chinese, or Hindi. They let people use domains in their native languages instead of being limited to A–Z, 0–9, and hyphens.
Why it matters
IDNs improve accessibility and branding for global users. But they also introduce look-alike risks where different characters appear identical, enabling homograph tricks that mimic trusted domains.
How it works
-
Your typed name is converted to an ASCII form called Punycode (starts with
xn--). -
Browsers display the human-friendly script if it meets safety rules.
-
Registries set policies to limit mixed scripts and reduce spoofing.
Red flags
-
A familiar site that looks right but shows a strange certificate or region.
-
A URL that copies a brand yet contains characters from multiple scripts.
-
Copy-paste of the address changes to
xn--...Punycode unexpectedly.
Prevent it
-
Bookmark important sites and use those bookmarks.
-
Hover to preview links and check the certificate before logging in.
-
Turn on browser settings or extensions that always show Punycode.
-
Use MFA so a fake login cannot steal access on its own.