- Cybercriminals are using the Japanese alphabet to spoof Booking.com
- Scammers are targeting people with listings on the site
- Users are advised to carefully review incoming messages
Cybercriminals are spoofing Booking.com with a clever use of Unicode characters in their phishing landing pages to spread malware.
Independent security researcher alias JAMESWT recently reported seeing phishing emails being sent to people listing their real estate on the popular lodging reservation service. In the email, the victims are told that someone complained about their listing, and that they should review it fast or face termination.
The email also provides the link which when opened, at first glance looks legitimate. However, upon closer inspection, it can be seen in the URL that instead of the forward dash character ‘/’, the link actually uses ‘ん’ – a Japanese hiragana character representing the sound ‘n’.
You may like
Typosquatting
Hiragana is one of the three main scripts used in written Japanese, alongside katakana and kanji.
Those that fail to spot the trick and open the site will get served a malicious MSI installer from a CDN link. The researcher added that samples of the malicious site are already available on the cybersecurity platform MalawareBazaar, and that the any.run analysis already shows the infection chain.
It is believed that the attackers are spoofing Booking.com to deliver infostealers and remote access trojans (RAT).
Replacing a single character in the URL, in order to trick victims into opening websites, is a long-established practice. It is called “typosquatting” and banks on the victims not being careful when reviewing the URL they are opening.
Booking.com, being one of the most popular lodging reservation services in the world, is often spoofed in such attacks, together with the likes of Amazon, Microsoft, DHL, and others.
Defending against these attacks is relatively easy, and requires users to slow down and carefully review incoming communications, especially unsolicited messages. Double-checking links, attachments, websites, and thinking twice about sharing sensitive data is the best course of action these days.
Via BleepingComputer
