Booking.com customers targeted in major new phishing campaign
A compromised Booking.com hotel account was used in an elaborate phishing scheme aiming to empty customer bank accounts, a new report from cybersecurity experts Perception Point claims.
As per the report, an unnamed hotel has had its Booking.com account compromised, with the threat actors using this access to get a list of its clients, as well as their personal data: names, booking dates, hotel details, and partial payment methods. Then, they crafted a malicious landing page, seemingly identical to the original Booking.com site, and reached out to people who’ve had bookings coming up.
In the message, they said that the bookings were at risk of cancellation within a day, if the users didn’t “test” their credit card details – by submitting them on the fake landing page.
The fact that the message was coming from the hotel could be enough to get some people to trust it and add their payment data. But if that wasn’t enough, the landing page came pre-filled with some personal information belonging to the victims, further adding credibility.
As dangerous as the attack may seem, it might only be the tip of the iceberg. The researchers are warning that this incident could be part of a larger pattern, as similar things were seen with previous infostealing campaigns targeting the accommodation industry.
Users are advised to be extra careful when receiving emails and social media messages claiming to be from hotels. Messages that cry urgency and demand things be addressed at once are a major red flag.
“Perception Point’s research indicates that this is far from an isolated incident or a small-scale scam. We estimate that hundreds of hotels and resorts worldwide have fallen prey to these breaches. The ripple effect? Thousands of targets, if not more,” the researchers concluded, adding that the attackers banked “hundreds, to thousands of dollars.”
