top | item 45282797

(no title)

The attack boils down to sending phishing emails that contain a url that looks like a legitimate booking.com url but is actually this url. Note the unicode characters that can make it seem like a booking.com url:

https://account.booking.xn--comdetailrestric-access-ge5vga.w...

More info here (the video refers to this page describing the attack): https://www.bleepingcomputer.com/news/security/bookingcom-ph...

Edit: HN presents the unicode characters in the domain in a way that makes it clear they're not slashes (well done HN!) so you'll need to look at the url when you hover over it.

discuss

cleartext412|5 months ago

Character "⧸" (https://www.compart.com/en/unicode/U+29F8) is way harder to distinguish from "/" than ん.

That said, looking at image depicting a phishing mail in the article, I notice that hyperlink text looks like legitimate link, while the link itself points to the bad site, and I would expect this alone to be extremely effective. Many people, myself included, would probably not bother hovering on this kind of long link to confirm it matches the text.