Advertisement
U.S. markets closed
  • S&P 500

    5,088.80
    +1.77 (+0.03%)
     
  • Dow 30

    39,131.53
    +62.42 (+0.16%)
     
  • Nasdaq

    15,996.82
    -44.80 (-0.28%)
     
  • Russell 2000

    2,016.69
    +2.85 (+0.14%)
     
  • Crude Oil

    76.57
    -2.04 (-2.60%)
     
  • Gold

    2,045.80
    +15.10 (+0.74%)
     
  • Silver

    22.98
    +0.19 (+0.84%)
     
  • EUR/USD

    1.0823
    -0.0005 (-0.04%)
     
  • 10-Yr Bond

    4.2600
    -0.0670 (-1.55%)
     
  • GBP/USD

    1.2673
    +0.0015 (+0.12%)
     
  • USD/JPY

    150.4400
    -0.0600 (-0.04%)
     
  • Bitcoin USD

    51,548.05
    +627.11 (+1.23%)
     
  • CMC Crypto 200

    885.54
    0.00 (0.00%)
     
  • FTSE 100

    7,706.28
    +21.79 (+0.28%)
     
  • Nikkei 225

    39,098.68
    +836.48 (+2.19%)
     

Booking.com customers targeted in major new phishing campaign

 Lock on Laptop Screen.
Lock on Laptop Screen.

A compromised Booking.com hotel account was used in an elaborate phishing scheme aiming to empty customer bank accounts, a new report from cybersecurity experts Perception Point claims.

As per the report, an unnamed hotel has had its Booking.com account compromised, with the threat actors using this access to get a list of its clients, as well as their personal data: names, booking dates, hotel details, and partial payment methods. Then, they crafted a malicious landing page, seemingly identical to the original Booking.com site, and reached out to people who’ve had bookings coming up.

In the message, they said that the bookings were at risk of cancellation within a day, if the users didn’t “test” their credit card details - by submitting them on the fake landing page.

Booking.com phishing

The fact that the message was coming from the hotel could be enough to get some people to trust it and add their payment data. But if that wasn’t enough, the landing page came pre-filled with some personal information belonging to the victims, further adding credibility.

As dangerous as the attack may seem, it might only be the tip of the iceberg. The researchers are warning that this incident could be part of a larger pattern, as similar things were seen with previous infostealing campaigns targeting the accommodation industry.

Users are advised to be extra careful when receiving emails and social media messages claiming to be from hotels. Messages that cry urgency and demand things be addressed at once are a major red flag.

“Perception Point’s research indicates that this is far from an isolated incident or a small-scale scam. We estimate that hundreds of hotels and resorts worldwide have fallen prey to these breaches. The ripple effect? Thousands of targets, if not more,” the researchers concluded, adding that the attackers banked “hundreds, to thousands of dollars.”

Via InfosecurityMagazine

More from TechRadar Pro

Advertisement