Booking.com Customers Scammed in Novel Social Engineering Campaign

Booking.com customers are being targeted by a novel social engineering campaign, which is "paying serious dividends" for cybercriminals, according to new research by Secureworks. The researchers said the campaign, which they believe has been running for at least a year, begins by deploying the Vidar infostealer to gain access to partner hotels' Booking.com credentials. This information is then used to send phishing emails to Booking.com customers and trick them into handing over their payment details, in many cases leading to money being stolen. The scam is proving so fruitful that Booking.com portal credentials are commanding sale prices of up to $2000 in two cybercrime forums, according to the researchers.

In an October 2023 attack investigated by Secureworks, the threat actor initially emailed a member of the hotel's operations staff requesting help to find an ID document they claimed to have lost. The message did not include an attachment or malicious links. With no reason to be suspicious, the employee responded to the email and requested additional information to help them assist the fake customer. Later that week, the threat actor emailed back, identifying the ID as a passport and stating that they strongly believed they had left it at the hotel. When the hotel employee clicked on the link, a ZIP archive was downloaded to the computer's desktop. Analyzing the contents of the file, Secureworks observed that this Vidar sample was configured to only steal passwords. Public reports show that almost identical emails containing a Google Drive URL were sent to other victims of this campaign.

A day after the malware was executed, a hotel employee observed that multiple messages had been sent to upcoming guests from the hotel's Booking.com account. A few hours later, customers started complaining that money had been taken from their accounts. This suggests the attacker deployed Vidar to steal the hotel's Booking.com credentials and use them to access the account.

Secureworks said this activity is part of a broader campaign that started at least a year ago, observing that customers of multiple properties received email or in-app messages from Booking.com requesting confirmation of payment details for upcoming stays. These messages contained malicious URLs for inputting these details, and the attackers used this information to withdraw money from the victims' accounts. The researchers believe the threat actors stole credentials to the admin.

In a variation on this Booking.com campaign, it has been reported that an attacker socially engineered a hotel in Scotland under the guise of a guest with a sick child. Jude McCorry, CEO of Cyber Fraud Centre Scotland, said the scam began with the threat actor calling the hotel to say they were planning to stay at the property with a child with serious allergies, and would send a document with full details for simplicity. The receptionist immediately opened the document on receipt, which released the malware and enabled the attacker to access all Booking.com bookings. All the guests were then messaged with demands to pay the full amount for bookings on behalf of the hotel.

McCorry noted that this example shows that some cybercriminals are willing to go to any level to increase the chances of their scam working. "While using social engineering in this way isn't necessarily new, using the front of a sick child is a low even for these criminals, but doing what we do, nothing surprises us."

Rafe Pilling, director of threat intelligence for Secureworks Counter Threat Unit, explained that the scam has a high success rate as it targets genuine Booking.com customers and appears to come from a trusted source. "It's social engineering at its best. Firstly, targeting hotel employees who want to help their customers so will act swiftly. And then targeting holidays, one of the biggest investments people make. When an email comes through from a trusted supplier requiring action or a holiday will be cancelled, it's understandable that someone might respond without pausing to think," he commented.

The Secureworks report noted that the language in the emails "was a better standard of English than average phishing emails." Pilling added that as the attack chain is so targeted and on such a large scale, it is a difficult scam to close down because it relies on partner hotels having effective controls in place as well as employees and customers being really aware of phishing threats. "The research demonstrates the whole 'kill chain' of threat activity. From the demand for Booking.com credentials, to sales of the Vidar infostealer, to the complaints from victims," he noted.

Speaking to Infosecurity, Pilling said that Secureworks has observed threat actors discussing targeting other third-party booking services on criminal forums, "Airbnb being another example where there is interest in credentials."

Secureworks set out the following advice for organizations in the hospitality sector and customers who use Booking.com services to protect themselves against this scam. Be wary of emails or app messages requesting payment details, even if they appear to be from a legitimate source.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 20:25:00 +0000

