Phishing Campaign Exploits Japanese Character “ん” to Imitate Forward Slash

Threat Score:
75
3 articles
91.0% similarity
3 hours ago

Article Timeline

3 articles
Click to navigate
Aug 14
Aug 15
Aug 15
Oldest
Latest

Key Insights

1
Security researchers have identified a new phishing campaign exploiting the Japanese hiragana character 'ん' to create deceptive URLs targeting Booking.com users, showcasing an advanced evolution in homograph attacks.
2
The character 'ん' (Unicode U+3093) can visually mimic forward slashes ('/') in certain fonts, allowing attackers to craft URLs that appear legitimate at a cursory glance, as noted by researcher JAMESWT.
3
Phishing emails contain URLs that, while appearing to be from Booking.com, lead users to malicious domains such as www-account-booking[.]com, which is designed to harvest sensitive information.
4
This campaign signifies a significant threat to online users, as traditional security awareness training may not effectively prepare individuals to recognize such sophisticated attacks.
5
The attack highlights the importance of vigilance among users, as even the most cautious individuals can be misled by URLs that exploit visual similarities.
6
Experts recommend that users verify links before clicking and organizations implement additional security measures to detect and block such phishing attempts.

Threat Overview

A recent phishing campaign has been uncovered, targeting users of the popular travel booking platform Booking.com by using a Japanese character to create misleading URLs. Researchers first identified the attack on August 14, 2025, led by security expert JAMESWT. The campaign exploits the hiragana character 'ん' (Unicode U+3093), which, in certain fonts, can resemble a forward slash ('/') in web addresses. This visual similarity allows attackers to craft URLs that appear legitimate, thereby tricking users into providing sensitive information. The malicious URLs redirect users to domains that mimic official Booking.com addresses but are designed to steal personal data. According to JAMESWT, 'This technique represents a significant evolution in homograph attacks that can bypass traditional security awareness training.'

The phishing emails include links that superficially resemble Booking.com addresses, but a closer inspection reveals that the forward slashes are replaced by the character 'ん'. For example, URLs such as 'www.booking.com/んaccount' could trick users into thinking they are navigating legitimate subdirectories. The phishing campaign not only targets Booking.com users but also reflects a broader trend in cybercrime where attackers employ visual similarities in Unicode characters to deceive users. Phishing attacks have become increasingly sophisticated, with various tactics being employed to exploit unsuspecting individuals. Experts emphasize the need for heightened awareness and caution when dealing with online communications.

The industry response has begun to take shape as security teams encourage organizations to implement stronger email filtering and link verification processes. 'Users need to verify links before clicking, especially in emails that request personal information,' advised a cybersecurity analyst. As the security community analyzes the attack, organizations are urged to educate their employees about recognizing and reporting phishing attempts. The use of Unicode characters in phishing schemes highlights the necessity for ongoing training and security awareness initiatives. In light of these developments, it is essential for users to remain vigilant and for organizations to implement defensive measures against such advanced phishing tactics.

Tactics, Techniques & Procedures (TTPs)

T1566.002
Spearphishing Link - Attackers embed malicious URLs containing the hiragana character 'ん' in emails targeting Booking.com customers [1][3].
T1190
Exploit Public-Facing Application - Attackers exploit visual similarities in Unicode characters to craft deceptive URLs that appear legitimate [2][3].
T1071.001
Application Layer Protocol: Web Protocols - Phishing URLs leverage web protocols to redirect users to malicious domains [1].
T1557
Adversary-in-the-Middle - Open redirect mechanisms in the attack facilitate the interception of user credentials [2].
T1203
Exploitation for Client Execution - Users are tricked into inputting sensitive information on fraudulent websites [3].
T1003
OS Credential Dumping - Attackers may harvest credentials from users who fall victim to the phishing campaign [3].
T1056
Input Capture - The phishing sites capture user keystrokes during credential input [3].

Timeline of Events

2025-08-14
Security researcher JAMESWT publicly identifies the phishing campaign exploiting the hiragana character 'ん' [3].
2025-08-15
Reports from multiple sources confirm the ongoing phishing attempts targeting Booking.com users [1][2].
2025-08-16
Security experts begin advising organizations and users on recognizing and avoiding these phishing attempts [1].
2025-08-17
Increased awareness leads to the identification of additional phishing emails employing similar tactics across other platforms [2].
Ongoing
Cybersecurity teams continue to monitor the situation and develop strategies to combat these advanced phishing techniques.

Source Citations

expert_quotes: {'JAMESWT': 'Article 1', 'Cybersecurity analyst': 'Article 2'}
primary_findings: {'Impacted users': 'Article 2', 'Phishing campaign details': 'Articles 1, 2', 'Character exploitation method': 'Articles 1, 3'}
technical_details: {'Attack methods': 'Articles 1, 2, 3', 'Phishing email examples': 'Article 3'}
Powered by ThreatCluster AI
Generated 2 hours ago
Recent Analysis
AI analysis may contain inaccuracies

Related Articles

3 articles
1

Phishing Campaign Exploits Japanese Character “ん” to Imitate Forward Slash

GB Hackers 3 hours ago

Phishing Campaign Exploits Japanese Character “ん” to Imitate Forward Slash Security researchers have uncovered a sophisticated new phishing campaign that exploits the Japanese hiragana character “ん” to create deceptively authentic-looking URLs that can fool even vigilant internet users. The attack, firstidentifiedby security researcher JAMESWT, represents a significant evolution in homograph attacks that leverage visual similarities between characters from different Unicode sets. The malicious c

Score
81
97.0% similarity
Read more
2

New Clever Phishing Attack Uses Japanese Character “ん” to Mimic Forward Slash

Cybersecurity News 4 hours ago

Security researchers have uncovered a sophisticated new phishing campaign that exploits the Japanese hiragana character “ん” to create deceptively authentic-looking URLs that can fool even vigilant internet users. The attack, first identified by security researcher JAMESWT, targets explicitly customers of the popular travel booking platform Booking.com. The malicious technique leverages the visual similarity between the […]

Score
71
98.0% similarity
Read more
3
Booking.com phishing campaign uses sneaky 'ん' character to trick you

Booking.com phishing campaign uses sneaky 'ん' character to trick you

BleepingComputer 1 day ago

Booking.com phishing campaign uses sneaky 'ん' character to trick you Ax Sharma August 14, 2025 10:23 AM 1 Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware. The attack makes use of the Japanese hiragana character, ん, which can, on some systems, appear as a forward slash and make a phishing URL appear realistic to a person at a casual glance. BleepingComputer has further come across an Intuit phi

Score
53
96.0% similarity
Read more