Revealing the Dangers of Homograph Attacks
When it comes to spotting unsafe links in emails or text messages, a widely advised strategy is to scrutinize the URL closely, such as by hovering over it prior to clicking. However, cybercriminals are getting increasingly clever. They now utilize lookalike characters embedded in web addresses that can easily deceive even the most discerning users, creating links that seem to lead to legitimate websites but actually redirect to malicious pages intended to distribute malware.
Examining a Homograph Attack Targeting Booking.com
According to BleepingComputer, cybersecurity experts have discovered a phishing operation that incorporates the Japanese hiragana character “ん” within URLs. At first glance, this character can be mistaken for a combination of the common forward slash “/” and either “n” or “~”, making it difficult for users to spot any discrepancies. In reality, such links are harmful. The technique, known as a homoglyph or homograph attack, exploits visually similar characters from different alphabets.
This phishing scheme specifically targets users of Booking.com through deceptive emails containing fraudulent links. An example of such a URL appears legitimate at first (https://account.booking.comんdetailんrestric-access.www-account-booking.com/en/), but actually redirects users to a rogue site designed to infect devices with malware. The malicious installer could potentially introduce an information-stealing program capable of extracting sensitive data like login credentials or financial details, or a remote access trojan, enabling attackers to gain control over the infected machine from a distance.
This isn’t the first instance of phishing scams targeting Booking.com users recently. Earlier in the year, cybercriminals created counterfeit websites equipped with harmful CAPTCHA forms aimed at remotely invading victims’ devices. Furthermore, Booking.com is not alone in facing such threats. Recent reports from BleepingComputer reveal that phishing emails disguised as communications from software developer Intuit also utilize misleading URLs featuring “Lntuit,” which can appear legitimate in certain font styles when viewed in lowercase.
Preventing Homograph Attacks
To steer clear of homograph attacks, always hover over links that arrive in unsolicited emails, text messages, or social media communications, especially those that urge immediate action regarding account security. Because these attacks rely on lookalike characters, a quick visual check may not be enough, so examine the entire URL for any deceptive characters. Pay special attention to the ending portion of the address before the first forward slash, which indicates the actual destination (for example, www.DailyHackly.com/).
Moreover, it is prudent to completely avoid clicking links and navigate directly to the website or app for the entity mentioned in the message you’ve received. By doing this, you can securely log into your account to review security protocols, reset passwords, or take other measures. According to Malwarebytes Labs, keeping your browser updated can also bolster defenses against homograph attacks.
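The check described under Preventing Homograph Attacks, written out as an added example (not code from the article or from BleepingComputer): it parses the hostname the way a browser would, names every non-ASCII character in it, and reports the ending portion before the first real slash. The `expected_domain` parameter, the two-label heuristic for the ending portion, and the control URL are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# URL quoted in the article; \u3093 is the hiragana character that mimics "/".
PAGE_URL = ("https://account.booking.com\u3093detail\u3093restric-access"
            ".www-account-booking.com/en/")
# Constructed control value for comparison (not taken from the article).
CONTROL_URL = "https://account.booking.com/en/"


def inspect_link(url, expected_domain):
    """Report where a link really points and which hostname characters are not ASCII."""
    # The hostname is everything between the scheme and the first real "/".
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Every distinct non-ASCII character in the hostname, with its Unicode name.
    non_ascii = sorted({(ch, unicodedata.name(ch, "UNKNOWN"))
                        for ch in host if ord(ch) > 127})
    # ASCII ("xn--") form of the hostname, which makes lookalikes stand out.
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_host = None  # not a valid internationalized hostname
    # Assumption: the last two labels approximate the registered domain.
    # That holds for .com; suffixes such as .co.uk need the Public Suffix List.
    ending = ".".join(labels[-2:])
    # The link belongs to the expected site only if the hostname is that
    # domain or a dot-separated subdomain of it. A matching prefix proves nothing.
    belongs = host == expected_domain or host.endswith("." + expected_domain)
    return {"host": host, "non_ascii": non_ascii, "ascii_host": ascii_host,
            "ending": ending, "belongs": belongs}


if __name__ == "__main__":
    for link in (PAGE_URL, CONTROL_URL):
        report = inspect_link(link, "booking.com")
        print(link)
        for key, value in report.items():
            print(f"  {key}: {value}")
```
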

