Phishing: Slash-like Unicode characters in URL [video] (opens in new tab)

(youtube.com)

3 pointsrapawel6mo ago2 comments

2 comments

The attack boils down to sending phishing emails that contain a url that looks like a legitimate booking.com url but is actually this url. Note the unicode characters that can make it seem like a booking.com url:

https://account.booking.xn--comdetailrestric-access-ge5vga.w...

More info here (the video refers to this page describing the attack): https://www.bleepingcomputer.com/news/security/bookingcom-ph...

Edit: HN presents the unicode characters in the domain in a way that makes it clear they're not slashes (well done HN!) so you'll need to look at the url when you hover over it.

cleartext4126mo ago

Character "⧸" (https://www.compart.com/en/unicode/U+29F8) is way harder to distinguish from "/" than ん.

That said, looking at image depicting a phishing mail in the article, I notice that hyperlink text looks like legitimate link, while the link itself points to the bad site, and I would expect this alone to be extremely effective. Many people, myself included, would probably not bother hovering on this kind of long link to confirm it matches the text.

j / k navigate · click thread line to collapse