Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
Featured article analysis: Booking.com phishing campaign uses sneaky ‘ん’ character to trick you
These are two separate but related phishing campaigns that exploit a typographical trick called homoglyphs to deceive victims. In the first instance, threat actors used the Japanese hiragana character ん (U+3093), which in some fonts looks like a forward slash, to create a fake Booking.com URL. This visual deception makes the malicious domain [suspicious link removed] appear as a subdirectory of the legitimate booking.com, tricking users into believing they are on a genuine site. The link then redirects victims to a malicious MSI installer that drops malware, such as infostealers or remote access trojans, onto their computers. This tactic is a sophisticated form of a homograph attack, and it demonstrates how attackers leverage the visual similarities between characters from different alphabets to execute social engineering campaigns.
The second campaign targeting Intuit users employs a simpler yet equally effective homoglyph trick. Attackers used a lowercase Latin L to impersonate the letter i, creating the lookalike domain Lntuit.com to mimic the legitimate Intuit.com. This visual substitution is especially effective on mobile devices and in certain fonts where the two characters are nearly indistinguishable, preying on users’ tendency to glance quickly at URLs rather than scrutinize them. The email directs victims to a phishing page designed to steal credentials. Both the Booking.com and Intuit campaigns underscore a growing trend where attackers are creatively manipulating typography to bypass traditional security awareness, highlighting the vulnerability of visual inspection as a sole defense against phishing.
These attacks serve as a critical reminder that cybersecurity threats are constantly evolving, particularly in the realm of social engineering. The use of homoglyphs and homograph attacks demonstrates a move beyond simple fake emails to highly deceptive links that are difficult to spot. The article emphasizes the need for a multi-layered defense strategy, including user education on how to properly inspect URLs—by hovering over links and identifying the true registered domain—and maintaining up-to-date endpoint security software. While these measures offer protection, the campaigns also illustrate the limitations of relying on visual cues alone and reinforce the importance of robust technological solutions to combat increasingly sophisticated phishing tactics.
Projects
Articles
- Farmers Insurance data breach impacts 1.1M people after Salesforce attack – U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks.
- Booking.com phishing campaign uses sneaky ‘ん’ character to trick you – Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware.
- TransUnion says hackers stole 4.4 million customers’ personal information – TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers’ personal data for its U.S. consumer support operations.
- WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices – WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks.