
Unicode Phishing Scams: How Cybercriminals Spoof Booking.com with Hidden Characters


A new wave of sophisticated phishing attacks is exploiting Unicode character encoding to create nearly perfect replicas of Booking.com's website, security researchers have warned. The campaign uses internationalized domain names (IDNs) containing homoglyphs - characters from different alphabets that appear identical or nearly identical to Latin letters in the booking.com domain.

Technical Analysis:
The attackers register domains using Cyrillic or Greek characters that visually resemble Latin letters. For example, the Latin 'c' is replaced with the Cyrillic 'с' (U+0441), or the Greek omicron 'ο' (U+03BF) stands in for the Latin 'o'. When rendered in a browser, these domains look identical to the legitimate booking.com to an untrained eye.

Attack Methodology:

  1. Victims receive emails appearing to be from Booking.com with urgent booking confirmations or payment issues
  2. Links direct to malicious domains using homoglyph characters
  3. Perfectly cloned login pages harvest credentials
  4. Stolen data is used for account takeover or sold on dark web markets

Detection Challenges:

  • Traditional URL inspection tools often fail to flag these domains
  • Browser address bars may display the punycode form (xn-- prefix), but most users don't check it
  • Mobile devices are particularly vulnerable due to smaller address bar displays
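The punycode rendering and the confusable substitutions described above can be checked programmatically. The following is an added example (not from the original article or any Booking.com tool) that converts a domain to its xn-- form, flags labels that mix scripts, and folds confusable characters into a "skeleton" to compare against a protected brand name; the small confusables table is constructed for this example and a real tool should use the full Unicode confusables list (UTS #39).

```python
import unicodedata

# Constructed confusables table covering the substitutions the article
# describes (Cyrillic es U+0441 for 'c', Greek omicron U+03BF for 'o') plus
# a few other common Cyrillic look-alikes. Not exhaustive; see UTS #39.
CONFUSABLES = {
    "\u0441": "c", "\u043e": "o", "\u03bf": "o", "\u0435": "e",
    "\u0430": "a", "\u0440": "p", "\u0456": "i", "\u0443": "y",
}
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK")


def to_punycode(domain: str) -> str:
    """Return the ASCII (xn--) form a browser would show for an IDN."""
    return domain.encode("idna").decode("ascii")


def label_scripts(label: str) -> set:
    """Scripts used by the letters in one DNS label, e.g. {'LATIN', 'CYRILLIC'}."""
    found = set()
    for ch in label:
        script = unicodedata.name(ch, "").split(" ")[0]
        if script in SCRIPTS:
            found.add(script)
    return found


def skeleton(domain: str) -> str:
    """Fold confusable characters so visually identical strings compare equal."""
    folded = unicodedata.normalize("NFKC", domain).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def assess(domain: str, protected=("booking.com",)) -> dict:
    """Flag a domain that mixes scripts or visually collides with a protected name."""
    labels = domain.lower().split(".")
    mixed = any(len(label_scripts(lbl)) > 1 for lbl in labels)
    ascii_form = to_punycode(domain)
    lookalike = next((p for p in protected
                      if skeleton(domain) == skeleton(p) and ascii_form != p), None)
    return {"punycode": ascii_form, "idn": ascii_form != domain.lower(),
            "mixed_script": mixed, "lookalike_of": lookalike}


if __name__ == "__main__":
    # Constructed sample: 'booking' with two Cyrillic 'о' (U+043E).
    for d in ("booking.com", "b\u043e\u043eking.com"):
        print(d, assess(d))
```

The same `assess` check can run over the link targets extracted from inbound mail, where a non-empty `lookalike_of` is the signal worth alerting on.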

Protection Recommendations:

  • Always type booking.com manually rather than clicking links
  • Check for the padlock icon and HTTPS (though some phishing sites now serve over HTTPS as well)
  • Enable browser protections against IDN homograph attacks
  • Use a password manager, which won't auto-fill credentials on a look-alike domain
  • Implement DMARC, DKIM and SPF for organizational email protection

The travel industry remains a prime target for such attacks due to the high-value nature of booking accounts containing payment information and travel documents. Security teams should update employee training programs to include Unicode-based phishing recognition.

NewsSearcher AI-powered news aggregation
