The attack boils down to sending phishing emails that contain a URL that looks like a legitimate booking.com URL but is actually this URL. Note the Unicode characters that can make it seem like a booking.com URL:
https://account.booking.xn--comdetailrestric-access-ge5vga.w...
More info here (the video refers to this page describing the attack): https://www.bleepingcomputer.com/news/security/bookingcom-ph...
Edit: HN presents the Unicode characters in the domain in a way that makes it clear they're not slashes (well done HN!) so you'll need to look at the URL when you hover over it.
Character "⧸" (https://www.compart.com/en/unicode/U+29F8) is way harder to distinguish from "/" than ん.
That said, looking at the image depicting a phishing mail in the article, I notice that the hyperlink text looks like a legitimate link, while the link itself points to the bad site, and I would expect this alone to be extremely effective. Many people, myself included, would probably not bother hovering over this kind of long link to confirm it matches the text.
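A defender-side check for the trick described in the thread above (a hostname label that contains slash-like characters such as U+29F8 so that "booking.com" appears to be the domain while the registrable domain is something else). This is an added example, not code from the thread or from the article it discusses; the function names, the confusable list and the `attacker-placeholder.example` domain are assumptions, and the registrable-domain logic is a two-label approximation rather than a Public Suffix List lookup.

```python
import unicodedata
from urllib.parse import urlsplit

# Code points that render much like "/" in many fonts. Constructed list:
# U+29F8 and U+3093 are the two named in the thread, the rest are common confusables.
SLASH_LIKE = {"\u29f8", "\u2215", "\u2044", "\uff0f", "\u3093"}


def decode_label(label):
    """Turn one hostname label into its Unicode form (xn-- A-label -> U-label)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def analyze_url(url, brand="booking.com"):
    """Flag a URL whose hostname imitates `brand` by smuggling slash-like characters."""
    host = urlsplit(url).hostname or ""
    ascii_labels = host.split(".")
    unicode_host = ".".join(decode_label(label) for label in ascii_labels)
    findings = []
    for ch in unicode_host:
        if ch in SLASH_LIKE:
            note = f"U+{ord(ch):04X} {unicodedata.name(ch, '?')} looks like '/'"
        elif ord(ch) > 0x7F:
            note = f"U+{ord(ch):04X} {unicodedata.name(ch, '?')} is non-ASCII"
        else:
            continue
        if note not in findings:
            findings.append(note)
    # Approximation: the last two labels. Real code should consult the Public Suffix List.
    registrable = ".".join(ascii_labels[-2:])
    brand_shown = brand in unicode_host
    return {
        "unicode_host": unicode_host,
        "registrable": registrable,
        "findings": findings,
        "suspicious": bool(findings) or (brand_shown and registrable != brand),
    }


if __name__ == "__main__":
    # Constructed sample: a lookalike label, punycode-encoded the way a browser would show it.
    fake_label = "com\u29f8detail\u29f8restrict-access"
    a_label = "xn--" + fake_label.encode("punycode").decode("ascii")
    sample = f"https://account.booking.{a_label}.attacker-placeholder.example/login"
    for url in ("https://account.booking.com/details", sample):
        report = analyze_url(url)
        print(url, "->", "SUSPICIOUS" if report["suspicious"] else "ok", report["findings"])
```

The same decoding step is what a mail gateway or link-rewriting proxy can apply to every `xn--` label before deciding whether the displayed link text and the real target agree.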