Ethical Hacking News
Booking.com has been targeted by a phishing campaign that uses a clever tactic: exploiting the similarity between Japanese hiragana characters and Western Latin letters to create malicious links that appear identical to legitimate Booking.com URLs. The attackers aim to trick victims into clicking on these links, which can install malware or steal sensitive user information.
Booking.com has recently fallen victim to a phishing campaign that uses a clever tactic: exploiting the visual similarity between Japanese hiragana characters and Western Latin letters. The attackers rely on homoglyphs (characters that look alike but have different code points) to craft phishing links that, at first glance, appear identical to legitimate Booking.com URLs.
The campaign, first spotted by security researcher JAMESWT, targets users who interact with the booking website on their devices. The attackers aim to trick victims into clicking on malicious links that are disguised as legitimate Booking.com pages. Once a user clicks on the link, they are redirected to a fake webpage that looks identical to the real thing.
However, upon closer inspection, it becomes clear that something is amiss. The "http://admin.booking.com/hotel/hoteladmin/..." URL, for instance, appears to be an authentic Booking.com address, but the actual URL leads to a malicious site with the address "https://www-account-booking[.]com/c.php?a=0". Visiting that site downloads a malicious MSI installer from a CDN link, which in turn installs further payloads that could include infostealers or remote access trojans.
The use of homoglyphs in this phishing campaign is a clever tactic that exploits the similarity between Japanese and Western scripts. The single Unicode character "ん" (hiragana letter N, U+3093) resembles the two-character Latin sequences '/n' or '/~', so a hostname containing it can read like a path with slashes and make a phishing URL appear realistic to users at a casual glance. This technique has been used by threat actors in the past, and it highlights the importance of being vigilant when interacting with unfamiliar websites.
In recent months, Booking.com has faced several phishing attacks that aim to steal sensitive user information. In March this year, Microsoft warned of phishing campaigns impersonating Booking.com and using social engineering tactics to infect hospitality workers with malware. Furthermore, Akamai revealed how hackers were redirecting hotel guests to fake Booking.com sites to steal credit card information.
The "Lntuit" phishing campaign is another example of the attackers' creative approach to phishing. The emails appear to come from, and link to, legitimate Intuit addresses, but they actually use domains starting with "Lntuit", which can resemble "Intuit" in certain fonts. This technique is a reminder that attackers will continue to find innovative ways to abuse typography for social engineering.
To protect yourself, it's essential to be cautious when interacting with unfamiliar websites. Always hover over links before clicking to reveal the true target, and check the actual domain at the rightmost end of the address. Additionally, keeping endpoint security software up to date adds another layer of defense against attacks since modern phishing kits often deliver malware directly after a phishing link is clicked.
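The check described above (looking past the lookalike characters to the domain at the rightmost end of the address) can be automated. The following is an added example, not code from the article or from Booking.com; the sample URL is constructed to mimic the ん trick described earlier, and the registrable-domain rule is a simplification (a real tool would consult the Public Suffix List).

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample (not an indicator from the campaign): the visible prefix reads like
# "admin.booking.com/hotel/hoteladmin/..." but each apparent "/" is hiragana ん (U+3093)
# inside one long subdomain, so the real registrable domain sits at the far right.
SAMPLE_URL = "https://admin.booking.comんhotelんhoteladmin.www-account-booking.com/c.php?a=0"

# Characters known to pass for a path separator in some fonts (assumption: only ん here).
LOOKALIKE_OF_SLASH = {"\u3093"}


def non_ascii_chars(s):
    """Return (char, code point, Unicode name) for every non-ASCII character in s."""
    return [(c, f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN")) for c in s if ord(c) > 0x7F]


def registrable_domain(host, suffix_labels=1):
    """Crude rightmost-labels rule: keep the last suffix_labels+1 labels of the hostname.
    This assumes a one-label public suffix such as '.com'; use the Public Suffix List in practice."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-(suffix_labels + 1):])


def analyse(url, expected_domain="booking.com"):
    """Flag hostnames that hide lookalike characters or whose real domain is not the expected one."""
    host = urlsplit(url).hostname or ""
    findings = []
    suspicious = non_ascii_chars(host)
    if suspicious:
        findings.append("non-ASCII characters in hostname: "
                        + ", ".join(f"{c} ({cp} {name})" for c, cp, name in suspicious))
    if any(c in LOOKALIKE_OF_SLASH for c in host):
        findings.append("hostname contains a character that visually mimics a path separator")
    domain = registrable_domain(host)
    if domain != expected_domain:
        findings.append(f"rightmost domain is {domain!r}, not {expected_domain!r}")
    return {"host": host, "registrable_domain": domain, "findings": findings,
            "verdict": "suspicious" if findings else "ok"}


if __name__ == "__main__":
    for url in (SAMPLE_URL, "https://admin.booking.com/hotel/hoteladmin/"):
        result = analyse(url)
        print(url, "->", result["verdict"])
        for line in result["findings"]:
            print("  -", line)
```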
The Booking.com phishing campaign using homoglyphs highlights the importance of staying vigilant when interacting with unfamiliar websites. By understanding the tactics used by attackers and taking preventive measures, users can protect themselves from falling victim to phishing attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Bookingcom-Phishing-Campaign-Uses-Sneaky-Unicode-Character-to-Trick-Users-ehn.shtml
https://www.bleepingcomputer.com/news/security/bookingcom-phishing-campaign-uses-sneaky-character-to-trick-you/
Published: Thu Aug 14 10:52:31 2025 by llama3.2 3B Q4_K_M