Phishing attacks are getting sneakier, and sometimes all it takes is a single Unicode character to fool even a trained eye. One of the newest phishing techniques involves swapping the regular / (slash) with a similar-looking Unicode character.
Visually? Everything looks normal.
Under the hood? The link is not what you think.
Letβs take a look π
π Phishing with Unicode: Slash Lookalikes
Attackers exploit Unicode to mimic legitimate URLs by swapping out the slash / with homoglyphs β characters that look the same but are actually different.
| Character | Unicode | Description | Hover Link |
|---|---|---|---|
| / | U+002F | Solidus (Normal Slash) | https://booking.com |
| β | U+2216 | Set Minus (Backslash-like) | https://booking.com |
| β | U+2044 | Fraction Slash | https://booking.com |
| β | U+2215 | Division Slash | https://booking.com |
| β§Έ | U+29F8 | Big Solidus | https://booking.com |
| οΌ | U+FF0F | Fullwidth Solidus | https://booking.com |
| οΈ | U+FE10 | Presentation Form for Vertical Comma | https://booking.com |
| γ³ | U+3033 | Vertical Kana Repeat Mark Upper | https://booking.com |
| γ | U+31D3 | CJK Stroke-like Character | https://booking.com |
| γ | U+3093 | Hiragana Letter N (used in phishing) | https://booking.com |
| Χ | U+05C3 | Hebrew Punctuation Sof Pasuq | https://booking.com |
| ά | U+0701 | Syriac Supralinear Full Stop | https://booking.com |
| α΅ | U+1735 | Philippine Single Punctuation | https://booking.com |
| α‘ | U+1361 | Ethiopic Wordspace | https://booking.com |
| β’ | U+2022 | Bullet | https://booking.com |
| οΌΌ | U+FF3C | Fullwidth Reverse Solidus (Backslash) | https://booking.com |
| α | U+1806 | Mongolian Todo Soft Hyphen | https://booking.com |
| β | U+2042 | Asterism | https://booking.com |
| βΈ» | U+2E3B | Two-Em Dash | https://booking.com |
| βΉ | U+2E5D | Oblique Hyphen | https://booking.com |
| β¦ | U+2026 | Ellipsis | https://booking.com |
π‘οΈ Why This Matters
Phishing pages crafted this way can:
- Bypass visual inspection
- Evade some automated filters
- Trick users into trusting a malicious link
Hovering over links or inspecting the full URL is no longer enough unless you're looking for non-standard characters.
This phishing method has been spotted in the wild, including in a campaign targeting Booking.com customers:
π° Read the full breakdown here:
π Booking.com phishing campaign uses sneaky character to trick you
π¬ Watch the analysis by John Hammond:
π YouTube: John Hammond Explains the Unicode Phishing Trick
Stay sharp and stay safe. Just because a link looks right, doesnβt mean it is.
π¬ Have you seen similar techniques in the wild? Share below!
Top comments (0)