- Cybercriminals are using a Japanese character to spoof Booking.com
- Scammers are targeting people with listings on the site
- Users are advised to carefully review incoming messages
Cybercriminals are spoofing Booking.com through clever use of Unicode characters in their phishing landing pages to spread malware.
An independent security researcher going by the alias JamesWT recently reported seeing phishing emails being sent to people who list their properties on the popular lodging reservation service. In the email, victims are told that someone complained about their listing and that they should review it quickly or face termination.
The email also provides a link which, when opened, looks legitimate at first glance. On closer examination of the URL, however, instead of the forward slash character ‘/’, the link actually uses ‘ん’, a Japanese hiragana character representing the sound ‘n’.
Typosquatting
Hiragana is one of the three main scripts used in written Japanese, along with katakana and kanji.
Those who do not spot the trick and open the site are served a malicious MSI installer from a CDN link. The researcher added that samples from the malicious site are already available on the cybersecurity platform MalwareBazaar, and that an ANY.RUN analysis already shows the infection chain.
It is assumed that the attacker is spoofing Booking.com to deliver infostealers and remote access trojans (RATs).
Replacing a single character in a URL to fool victims into opening sites is a long-established practice. It is called “typosquatting” and preys on victims who are not careful when reviewing the URLs they open.
Booking.com, one of the most popular lodging reservation services in the world, is often spoofed in such attacks, along with the likes of Amazon, Microsoft, DHL and others.
Defending against these attacks is relatively easy and requires users to slow down and carefully review incoming communication, especially unsolicited messages. Double-checking links, attachments and sites, and thinking twice about sharing sensitive data, is the best course of action these days.
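An added example, not part of the original article: a Python check for the ‘ん’-in-place-of-‘/’ substitution described above, comparing the host a reader perceives with the host the browser actually contacts. The sample URLs are constructed, `attacker.example` is a placeholder domain, and the two lookalike characters other than ‘ん’ are assumptions.

```python
from urllib.parse import urlsplit

# Characters that can pass for "/" in a rendered link. 'ん' (U+3093) is the one
# reported in the article; the other two are assumed additions for illustration.
SLASH_LOOKALIKES = {"\u3093", "\u2044", "\u2215"}  # ん, fraction slash, division slash


def to_dns_name(host):
    """Return the ASCII (punycode) form that is actually resolved, or None."""
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None  # not encodable by Python's built-in IDNA codec


def inspect_url(url):
    """Compare the host a reader perceives with the host the URL really names."""
    host = urlsplit(url).hostname or ""
    hits = sorted(c for c in set(host) if c in SLASH_LOOKALIKES)
    # What the eye reads as the host: everything before the first fake slash.
    apparent = host
    for c in hits:
        apparent = apparent.split(c, 1)[0]
    return {
        "actual_host": host,
        "apparent_host": apparent,
        "dns_name": to_dns_name(host),
        "lookalikes": hits,
        "non_ascii_host": not host.isascii(),
        "suspicious": bool(hits) and apparent != host,
    }


# Constructed samples: the first hides the real host behind fake path separators.
SAMPLES = [
    "https://booking.com\u3093listing\u3093review.attacker.example/en/",
    "https://booking.com/listing/review",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = inspect_url(sample)
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{verdict:10} looks like {result['apparent_host']!r}, "
              f"resolves {result['dns_name']!r}")
```

The real host is everything up to the first genuine ‘/’, so the text before the ‘ん’ is only a subdomain label of the attacker-controlled domain.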
Via BleepingComputer



