John Hammond Explores Sophisticated Phishing Technique Using Homoglyph Characters

In this video, John Hammond explores a sophisticated phishing technique using homoglyph characters to deceive users. This method, which is not new but remains effective, involves using Unicode characters that resemble legitimate characters to create deceptive URLs. Specifically, the phishing campaign targeting Booking.com uses a Japanese hiragana character that, on some systems, can appear as a slash (/), a common element in legitimate URLs.

Hammond explains that this hiragana character, with the hexadecimal Unicode code 3093, can be used to create URLs that seem to belong to legitimate websites but actually redirect users to malicious sites. For example, a phishing URL might look like "account.booking.com[hiragana]/detail[hiragana]/restrict_access," where the hiragana characters replace the slashes. This substitution can trick users into believing they are visiting the genuine Booking.com site.

To demonstrate this technique, Hammond uses a Kali Linux virtual machine to create HTML files containing various Unicode characters that resemble slashes. He then tests these files in a web browser to see which ones could deceive users. He discovers that certain characters, like the hiragana character, are particularly effective for this deception.

Hammond emphasizes that modern browsers have implemented security measures to detect and block these phishing attempts. For example, browsers often use punycodes to represent Unicode characters in URLs, which can make phishing attempts more visible. However, the hiragana character seems still capable of bypassing these protections in some cases.

By exploring other Unicode characters that could be used similarly, Hammond employs an artificial intelligence model to generate a list of potentially deceptive characters. He then tests these characters to see which ones could be used to create convincing phishing URLs. He finds that while some characters can be used in file names, most are blocked by browsers when used in domains.

The video highlights the importance of vigilance and education in protecting against these phishing techniques. Users need to be aware of homoglyph characters and other deception methods used by cybercriminals. By understanding how these attacks work, users can better protect themselves against phishing attempts and malware.

In conclusion, this video provides a fascinating and educational overview of phishing techniques using homoglyph characters. It shows how these attacks can be implemented and how users can protect themselves. To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=nxVr4ERhrPQ