WantonQuantum
12 hours ago
The attack boils down to sending phishing emails that contain a url that looks like a legitimate booking.com url but is actually this url. Note the unicode characters that can make it seem like a booking.com url:
https://account.booking.xn--comdetailrestric-access-ge5vga.w...
More info here (the video refers to this page describing the attack): https://www.bleepingcomputer.com/news/security/bookingcom-ph...
Edit: HN presents the unicode characters in the domain in a way that makes it clear they're not slashes (well done HN!) so you'll need to look at the url when you hover over it.
cleartext412
11 hours ago
Character "⧸" (https://www.compart.com/en/unicode/U+29F8) is way harder to distinguish from "/" than ん.
That said, looking at the image depicting a phishing mail in the article, I notice that the hyperlink text looks like a legitimate link, while the link itself points to the bad site, and I would expect this alone to be extremely effective. Many people, myself included, would probably not bother hovering on this kind of long link to confirm it matches the text.
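Added example, not written by either commenter: a Python check a mail filter could apply to both points raised in the thread, decoding `xn--` hostname labels to expose slash lookalikes and comparing the anchor text with the real link target. The sample URL, the `example`/`lookalike.test` names and the lookalike list are constructed assumptions; the truncated URL from the thread is not used.

```python
import unicodedata
from urllib.parse import urlsplit

# Characters that render like "/"; the first two are the ones named in the
# thread, the rest are an illustrative (not exhaustive) assumption.
SLASH_LOOKALIKES = {"\u3093", "\u29f8", "\u2215", "\u2044"}

def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label (handles the xn-- ACE prefix)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def inspect_url(url: str) -> dict:
    """Report the host the client will really contact and any odd characters."""
    host = urlsplit(url).hostname or ""
    labels = [decode_label(part) for part in host.split(".")]
    findings = []
    for ch in "".join(labels):
        if ord(ch) > 127:
            kind = "slash lookalike" if ch in SLASH_LOOKALIKES else "non-ASCII"
            name = unicodedata.name(ch, "UNKNOWN")
            findings.append(f"{kind} U+{ord(ch):04X} {name}")
    return {
        "host": ".".join(labels),
        # Assumption: the last two labels approximate the registrable domain;
        # production code should consult the Public Suffix List instead.
        "registrable": ".".join(labels[-2:]),
        "findings": findings,
    }

def link_text_mismatch(text: str, href: str) -> bool:
    """True when the anchor text shows a URL whose host differs from the href."""
    text = text.strip()
    if " " in text or "." not in text:
        return False  # anchor text is not presented as a URL
    shown = urlsplit(text if "://" in text else "//" + text).hostname
    return bool(shown) and shown != urlsplit(href).hostname

# Constructed sample: the ACE form is built from Unicode, mirroring the
# "trusted-name, lookalike slash, attacker domain" shape described above.
LABEL = "com\u3093detail\u3093restrict"
ACE = "xn--" + LABEL.encode("punycode").decode("ascii")
SAMPLE = f"https://account.example.{ACE}.lookalike.test/login"

if __name__ == "__main__":
    print(inspect_url(SAMPLE))
    print(link_text_mismatch("https://account.example.com/detail", SAMPLE))
```

The decoded host shows that everything before `lookalike.test` is only a subdomain, which is the part a reader skims past when the lookalike character is rendered as a slash.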