Researchers have noticed a new phishing technique used by threat actors. It has been seen in links that attackers disguise as links to the Booking.com website. Users should be careful, however, because the same technique could be used in other phishing campaigns.
The attack was first spotted by security specialist JAMESWT, who described it in his blog; he reported on it on August 12. He also published the details on the online platform MalwareBazaar.
The technique relies on the character "ん" (Unicode U+3093) in a phishing address. At a glance the character goes unnoticed, because it is mistaken for the slash sign ("/"). In some fonts it looks like the Latin character sequence "/n" or "/~".
In his post on the X network, JAMESWT gave an example of a detected spoofed address.
At the same time, the message sent by the attackers does not contain the specified character.
He also provided a link to a demonstration of the phishing site.
Victims who click the link are ultimately redirected to a link that installs the malware.
To avoid becoming a victim of phishing, users are advised to check the actual domain at the right end of the address, immediately before the first slash symbol ("/"); this is the real registered domain.
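The check described above can be automated for link scanning. The following is an added example, not code from JAMESWT or from the original post: it extracts the host that really precedes the first slash and flags "ん" (U+3093), and, going slightly beyond the article, any other non-ASCII character in the host. The function name `inspect_url`, the two-label shortcut for the registered domain, and both sample URLs (built on the reserved `.example` TLD) are assumptions of this example.

```python
import unicodedata
from urllib.parse import urlsplit

# "ん" (U+3093) is the slash lookalike named in the article.
SLASH_LOOKALIKES = {"\u3093"}

def inspect_url(url: str) -> dict:
    """Report the host a browser really connects to and deceptive characters in it."""
    host = urlsplit(url).hostname or ""  # everything before the first real "/"
    # Simplifying assumption: the last two labels stand in for the registered
    # domain; production code should consult the Public Suffix List instead.
    registered = ".".join(host.split(".")[-2:])
    # What a hurried reader perceives: the host cut at the first lookalike.
    apparent = host
    for ch in SLASH_LOOKALIKES:
        apparent = apparent.split(ch, 1)[0]
    findings = []
    for ch in sorted(set(host)):
        if ch in SLASH_LOOKALIKES:
            kind = "slash lookalike"
        elif not ch.isascii():
            kind = "non-ASCII character"
        else:
            continue
        findings.append(f"{kind} U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}")
    try:
        # ASCII (punycode) form of the host, which exposes the hidden label.
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_host = ""
    return {
        "host": host,
        "registered_domain": registered,
        "apparent_host": apparent,
        "ascii_host": ascii_host,
        "findings": findings,
        "suspicious": bool(findings),
    }

# Constructed sample URLs (not real indicators from the campaign).
SPOOFED = "https://account.booking.com\u3093detail\u3093restrict-access.example/en/"
GENUINE = "https://www.booking.com/hotel/index.html"

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE):
        report = inspect_url(sample)
        print(report["apparent_host"], "->", report["registered_domain"],
              report["ascii_host"], report["findings"])
```

For the spoofed sample, the host a reader perceives is `account.booking.com`, while the registered domain is the `.example` one that contains the lookalike character.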
Sources:
[1] JAMESWT - https://x.com/JAMESWT_WT/status/1955060839569870991
[2] BleepingComputer - https://www.bleepingcomputer.com/news/security/bookingcom-phishing-campaign-uses-sneaky-character-to-trick-you/