Telegram (tested on all mobile versions and Linux and Windows for desktop) is vulnerable to an IDN homograph attack when displaying messages containing URLs. Homograph attack is a security vulnerability that can deceive users into thinking they are visiting a certain website when in fact they are directed to a different, but homograph, domain name. This type of vulnerability can be used to weaponize social engineering, increasing the chances for a successful attack.