ShiftDelete.Net Global

Homograph attack fools even cautious users with nearly perfect fake URLs


A new homograph attack is quietly bypassing old phishing defenses. Instead of sloppy fakes, scammers now use near-identical characters to build URLs that look legitimate even to users who double-check before clicking. And right now, they’re going after Booking.com customers.

Cybersecurity researchers have tracked a phishing campaign that uses the Japanese hiragana character “ん” to mimic familiar elements in URLs. It looks like a slash, a lowercase “n,” or even a tilde. Most people won’t notice the difference, especially at a glance.

For example, this malicious link appears safe:
https://account.booking.comんdetailんrestric-access.www-account-booking.com/en/
But the lookalike characters only dress up the address: everything before the final “www-account-booking.com” is a subdomain of that unrelated domain, and the link lands on a fake Booking.com page where malware is delivered in the background.
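As an added illustration, not code from the article, here is what “inspect the details” looks like in practice: a small Python checker that pulls the hostname out of the link quoted above, lists every non-ASCII character in it with its Unicode name, shows the punycode form browsers actually resolve, and derives the registrable domain. It assumes the registrable domain is the last two labels (true for .com; a real tool would consult the Public Suffix List), and the expected brand domain is a parameter.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample: the lookalike URL quoted in the article.
SAMPLE_URL = "https://account.booking.comんdetailんrestric-access.www-account-booking.com/en/"


def inspect_url(url, expected_domain):
    """Describe where a link really points and which hostname characters
    are non-ASCII (candidates for lookalikes such as the hiragana 'ん')."""
    host = urlsplit(url).hostname or ""

    # Every character outside plain ASCII, with its Unicode name, so a
    # reviewer sees 'HIRAGANA LETTER N' instead of something that reads as '/'.
    non_ascii = [
        (i, ch, unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(host)
        if ord(ch) > 0x7F
    ]

    # Browsers resolve the IDNA (punycode) form; the 'xn--' labels make the
    # substitution obvious even in fonts where the glyph does not.
    try:
        idna_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        idna_host = None

    # Simplifying assumption: registrable domain = last two labels (fine for
    # .com; a production checker would use the Public Suffix List).
    labels = host.split(".")
    registrable = ".".join(labels[-2:])

    return {
        "host": host,
        "idna_host": idna_host,
        "registrable_domain": registrable,
        "non_ascii": non_ascii,
        "is_suspicious": bool(non_ascii) or registrable != expected_domain,
    }


if __name__ == "__main__":
    for url in (SAMPLE_URL, "https://account.booking.com/en/"):
        result = inspect_url(url, "booking.com")
        print(result["registrable_domain"], result["is_suspicious"], result["non_ascii"])
```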


These phishing emails don’t feel suspicious. They’re styled like real Booking.com messages and direct users to login forms that appear authentic. Still, clicking through hands control to bad actors.

Instead of visiting the actual site, users unknowingly launch malware. The installer may deploy an infostealer that grabs passwords and financial data. In other cases, it installs a remote access trojan, letting attackers take control of the system entirely.

This isn’t just bad design; it’s calculated deception.

This isn’t the first phishing scam aimed at Booking.com users. Earlier this year, scammers sent fake security CAPTCHAs to trick people into downloading malware. But it doesn’t stop there.

Other attacks now use the same homograph trick against different companies. For instance, some fake Intuit emails lead to domains like Lntuit.com, where a lowercase “L” replaces a capital “I.” In certain fonts, there’s no way to spot the difference unless you’re really looking.

Even though these scams look cleaner, they still leave clues. If a link feels slightly off, or you’re being pushed to log in urgently, pause and inspect the details.

Here are warning signs to watch for:

Attackers know that users are getting better at spotting phishing attempts. That’s exactly why these URLs look so clean. Instead of sloppy tricks, scammers are now using font tricks, language swaps, and character substitutions to blur the line between fake and real.

So far, this method is slipping past both users and filters. And as more character sets get supported online, the potential for abuse only grows.
