Cybersecurity researchers have recently flagged a highly sophisticated phishing campaign that leverages a unique tactic: the use of the Japanese hiragana character “ん” to mimic the appearance of a forward slash (“/”) in website URLs. This technique is especially effective on certain fonts and browser systems, making phony URLs appear nearly identical to legitimate ones, thus tricking even vigilant internet users.
The campaign’s primary target is customers of the travel platform Booking.com. Instead of the real URL containing forward slashes, attackers craft addresses using the “ん” character, such as “https://account.booking[.]comんdetailんrestric-access.www-account-booking[.]comんen/”. On first glance, these URLs look authentic, but they redirect users to fraudulent domains controlled by cybercriminals.
The malicious strategy starts with phishing emails containing these deceptive links. When clicked, users are sent to sites that deliver MSI installer files, which may secretly install malware like information stealers or remote access trojans on victim devices.
This approach is part of a broader trend known as homograph attacks. Cybercriminals exploit visual similarities between characters from different Unicode sets, using them to spoof trusted domains. Previously, attackers have used Cyrillic letters to impersonate Latin ones; the use of Japanese “ん” adds a clever new layer to these deceptions.
According to the 2025 Phishing Trends Report, homograph attacks are evolving and becoming harder to filter out, as criminals strive to defeat security systems and bypass standard defenses.
Safety tips
Security experts recommend multiple protective strategies. Users should hover over links to reveal actual destination URLs, though this has limitations with sophisticated character spoofing. Modern browsers like Chrome have implemented protections against many homograph attacks, but visual URL inspection alone is insufficient.
The most effective defense combines updated security software, email filtering, and comprehensive user education about evolving attack vectors. This campaign demonstrates how cybercriminals continuously adapt their techniques to exploit even subtle visual ambiguities in digital communication systems.
Ultimately, this new phishing campaign highlights cybercriminals’ constant creativity in exploiting even the smallest ambiguities in digital communication. As attackers continue to adapt their methods, organizations and individuals need to stay aware of these rapidly advancing attack vectors and double down on multi-layered security measures.