A compromised Booking.com hotel account was used in an elaborate phishing scheme aiming to empty customer bank accounts, a new report from cybersecurity experts Perception Point claims.
As per the report, an unnamed hotel has had its Booking.com account compromised, with the threat actors using this access to get a list of its clients, as well as their personal data: names, booking dates, hotel details, and partial payment methods. Then, they crafted a malicious landing page, seemingly identical to the original Booking.com site, and reached out to people who’ve had bookings coming up.
In the message, they said that the bookings were at risk of cancellation within a day, if the users didn’t “test” their credit card details - by submitting them on the fake landing page.
The fact that the message was coming from the hotel could be enough to get some people to trust it and add their payment data. But if that wasn’t enough, the landing page came pre-filled with some personal information belonging to the victims, further adding credibility.
As dangerous as the attack may seem, it might only be the tip of the iceberg. The researchers are warning that this incident could be part of a larger pattern, as similar things were seen with previous infostealing campaigns targeting the accommodation industry.
Users are advised to be extra careful when receiving emails and social media messages claiming to be from hotels. Messages that cry urgency and demand things be addressed at once are a major red flag.
“Perception Point’s research indicates that this is far from an isolated incident or a small-scale scam. We estimate that hundreds of hotels and resorts worldwide have fallen prey to these breaches. The ripple effect? Thousands of targets, if not more,” the researchers concluded, adding that the attackers banked “hundreds, to thousands of dollars.”
More from TechRadar Pro
- Phishing scam pretends to be the Red Cross to trick victims into installing malware
- Here's a list of the best firewalls today
- These are the best malware removal tools right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.