Attackers are using a Japanese Unicode character to replace forward slashes in phishing URLs, BleepingComputer reports.
The attacks impersonate Booking.com with phony emails that inform users of a new login to their account.
“The attack, first spotted by security researcher JAMESWT, abuses the Japanese hiragana character ‘ん’ (Unicode U+3093), which closely resembles the Latin letter sequence ‘/n’ or ‘/~’ at a quick glance in some fonts,” BleepingComputer explains. “This visual similarity enables scammers to create URLs that appear to belong to the genuine Booking.com domain, but direct users to a malicious site.”
The use of homoglyphs to disguise phishing links is a well-known and effective phishing tactic that attackers continue to use widely. In fact, BleepingComputer spotted a separate phishing campaign that impersonates Intuit by using a lower-case ‘L’ in place of an upper-case ‘I’.
“A homoglyph is a character that looks similar to another character but belongs to a different character set or alphabet,” BleepingComputer writes. “These visually similar characters can be exploited in phishing attacks or to create misleading content. For example, Cyrillic character ‘О’ (U+041E) may appear identical to the Latin letter ‘O’ (U+004F) to a human, but they are different characters. Given their visual similarities, homoglyphs have been leveraged time and time again by threat actors in homograph attacks and phishing emails.”
BleepingComputer offers the following advice to help users avoid falling for these attacks.
“These incidents are a reminder that attackers will continue to find creative ways to abuse typography for social engineering,” the publication says. “To protect yourself, always hover over links before clicking to reveal the true target. Users should always check the actual domain at the rightmost end of the address before the first single / — this is the real registered domain. Granted, the use of visually deceptive Unicode characters like ‘ん’ creates additional hurdles and demonstrates that visual URL inspection alone isn’t foolproof. Keeping endpoint security software up to date adds another layer of defense against attacks since modern phishing kits often deliver malware directly, after a phishing link is clicked.”
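As an added illustration (not code from BleepingComputer or KnowBe4) of the "domain before the first single /" rule quoted above and of the hiragana and Cyrillic lookalikes described earlier, this Python snippet pulls the registered domain out of a URL and flags lookalike or mixed-script characters in each host label. The URLs it runs against are constructed, and the two-label domain rule is a simplification.

```python
import unicodedata
from urllib.parse import urlsplit

# Lookalike table: the article names hiragana "n" (U+3093) as reading like "/n"
# in some fonts. This constructed map holds only that character.
SLASH_LOOKALIKES = {"\u3093": "/n"}

def script_of(ch):
    """Coarse script name taken from the Unicode character name, e.g. 'LATIN'."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"

def inspect_url(url):
    """Return (registered_domain, findings) for one URL.

    registered_domain applies the article's rule: the host is everything before
    the first single '/', and its rightmost labels are the real domain. Taking the
    last two labels is a simplification (a real checker would use the Public
    Suffix List). Note that urlsplit().hostname lowercases the host.
    """
    host = urlsplit(url).hostname or ""
    labels = host.split(".")
    registered = ".".join(labels[-2:])
    findings = []
    for label in labels:
        for c in label:
            if c in SLASH_LOOKALIKES:
                findings.append(
                    f"U+{ord(c):04X} in label {label!r} renders like {SLASH_LOOKALIKES[c]!r}")
            elif ord(c) > 0x7F:
                findings.append(
                    f"non-ASCII U+{ord(c):04X} ({unicodedata.name(c, '?')}) in label {label!r}")
        # A single label drawing on two scripts (e.g. Latin plus Cyrillic) is the
        # classic homograph signature described in the article.
        scripts = {script_of(c) for c in label if c.isalpha()}
        if len(scripts) > 1:
            findings.append(f"mixed scripts {sorted(scripts)} in label {label!r}")
    return registered, findings

# Constructed samples (not the URLs from the reported campaigns).
SAMPLE_HIRAGANA = "https://www.booking.com\u3093account\u3093login.example.test/verify"
SAMPLE_CYRILLIC = "https://b\u043e\u043eking.com/login"   # two Cyrillic small 'o'
SAMPLE_CLEAN = "https://www.booking.com/en/"

if __name__ == "__main__":
    for url in (SAMPLE_HIRAGANA, SAMPLE_CYRILLIC, SAMPLE_CLEAN):
        registered, findings = inspect_url(url)
        print(url, "->", registered, findings or "no findings")
```

The hiragana sample resolves to the registered domain example.test, not booking.com, which is exactly what a hover-and-inspect check should surface.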
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
BleepingComputer has the story.