OceanVertical

The Sneaky ‘ん’ That Tricked Booking.com Users

  • cypac1
  • Aug 15



Happy Friday! A recent phishing campaign is tricking Booking.com hosts by swapping a single character in URLs with the Japanese hiragana “ん”, making fake links appear legitimate and leading to malware infections. A phishing link can be deceptively simple: a one-character switch can send you from safe to compromised.


This is a textbook homograph attack: typosquatting using visually similar characters. By exploiting fonts and human oversight, attackers get past quick glances and lure victims into thinking a harmful site is trustworthy. Once executed, victims risk full system compromise with threats like infostealing malware and remote access trojans. Security researcher JAMESWT was the first to identify the attack, which exploits the Japanese hiragana character “ん” (Unicode U+3093). In certain fonts, it looks very similar to the Latin letter sequence “/n” or “/~” at a quick glance. This resemblance allows attackers to craft URLs that seem to be part of the legitimate Booking.com domain but instead lead users to a malicious website.

[Image: booking scam1]

The text in the email, https://admin.booking.com/hotel/hoteladmin/..., is itself deceptive. While it may look like a Booking.com address, the hyperlink points to:


[Image: booking scam2]

Security experts urge users to slow down and inspect links, especially on mobile, where URLs are truncated. Hover over links, check the domain part before the slash, and always validate authenticity before clicking. And of course, run antivirus tools and keep them updated; it’s still one of the strongest defenses.
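As an added illustration (not part of the original post, and not Booking.com's or any vendor's tooling), this Python example automates the "check the domain part before the slash" advice: it compares the host a link displays with the host it really points to, and names any non-ASCII characters hiding in the real host. The destination URL is constructed for this example under the reserved `.example` TLD, and the function names are hypothetical.

```python
import unicodedata
from urllib.parse import urlsplit

# Link text as quoted in the post (path elided there), plus a CONSTRUCTED
# destination under the reserved .example TLD; not the campaign's real URL.
SHOWN = "https://admin.booking.com/hotel/hoteladmin/..."
CONSTRUCTED_HREF = "https://account.booking.comんdetailんrestrict-access.example/en/"


def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def inspect_link(display_text, href):
    """Compare what an email shows with where its hyperlink really goes."""
    shown, actual = host_of(display_text), host_of(href)
    # Name every non-ASCII code point in the real host, so a reviewer reads
    # 'HIRAGANA LETTER N' instead of trusting a glyph that resembles '/n'.
    non_ascii = [(f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
                 for c in actual if ord(c) > 127]
    # Hostname labels are separated only by '.', never by look-alike glyphs.
    # Taking the last two labels is a simplification of "registrable domain"
    # (a production check would consult the Public Suffix List).
    tail = ".".join(actual.split(".")[-2:])
    return {
        "shown_host": shown,
        "actual_host": actual,
        "actual_tail": tail,
        "non_ascii": non_ascii,
        "mismatch": bool(shown) and shown != actual,
    }


if __name__ == "__main__":
    for key, value in inspect_link(SHOWN, CONSTRUCTED_HREF).items():
        print(f"{key:12} {value}")
```

Everything up to the first real slash is the hostname, so the familiar "booking.com" text ends up as a subdomain prefix of whatever domain the last labels name.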


Avoid URL traps. Here are 5 ways to stay safe:


  1. Inspect URLs Closely

    Always double-check links, especially those in emails or messages. Look out for unfamiliar characters, even ones that look like slashes or dots.

  2. Hover Before You Click

    On desktops, hover your mouse over links to preview the actual destination. On mobile, long-press (without tapping) to see where it leads.

  3. Use Trusted Bookmarks

    Don’t click links in emails; go directly to websites using saved bookmarks or type the address manually in your browser.

  4. Enable Link Scanning Tools

    Use browser extensions or antivirus software that automatically scan and warn you about suspicious or deceptive URLs.

  5. Train Your Team Regularly

    Educate your team about modern phishing tactics and run simulated phishing tests to keep awareness sharp.


The Takeaway


Even one small character in a URL can open the door to serious threats, so slow down when reading emails, review links carefully (especially on mobile), and never assume a familiar name means a safe destination. Every extra second you spend verifying can prevent hours of damage.


Stay safe out there

-Mars

The Positivity Box

Zak Coyne, a 24-year-old from Huddersfield, UK, operated LabHost, a global phishing platform that enabled criminals to create fake sites imitating major brands. Charged with facilitating fraud and money laundering, Coyne pleaded guilty and received an eight-and-a-half-year prison sentence in April 2025; his service was linked to more than £100 million in losses worldwide.


New Friday Funnies


Why did the cybercriminal become a spelling bee champ?

Because all it took was one character switch to win big.


Why don’t phishing emails ever get lonely?

They’re always clicking with someone.


My coworker thought it was just a regular attachment.

Turns out, it attached itself to his hard drive.


Why don’t hackers go fishing in lakes?

Because inboxes are way more stocked.

 
 
 
