Booking.com customers targeted in hotel booking scam

Scammers are hijacking hotels' Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information.
Secureworks outlined an attack that occurred in October 2023, when a scammer contacted a hotel's operations staff member by email, pretending to be a former guest and claiming they had left their password at the property.
This first email did not contain links or attachments, i.e., nothing that would trigger email security scanners.
It's function was to establish the recipient's trust and prime them for following the instructions in the second email.
A few days later, the scammer contacted the staff member via email again, ostensibly to provide a photo of the document in question and check-in details, downloadable from Google Drive.
The second email, with the malicious Google Drive link.
The downloaded ZIP archive file contained the Vidar infostealer, which harvested the credentials for the hotel's Booking.com account, allowing the attacker to access the Booking.com management portal, access the list of upcoming bookings and directly send out emails to booked guests.
A few months ago, Perception Point researchers uncovered a similar campaign targeting hotels and travel agencies.
The attackers first booked a stay via email and, after having established trust with a member of the hotel's operation staff, they would request specific favors.
The first email would set the stage for the ask, and the second one contained the URL to the documents, hosted on legitimate services.
As in the campaign outlined by Secureworks, the downloaded archive file actually contained an infostealer: Vidar, StealC, or Lumma.
Hospitality industry and its customers are under attack.
The hotel booking scam targeting Booking.com customers has been going on for a while.
There have been news reports about losses suffered by hotel guests, and extensive forum threads by victims and almost-victims sharing their experiences of having been targeted, usually via Booking.com communication channels.
The scam seems to be highly successful and lucrative, and Secureworks has been seeing high demand on underground forums for Booking.com property credentials.
They should be suspicious of such messages even if they come through legitimate channels.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Mon, 04 Dec 2023 10:43:05 +0000


Cyber News related to Booking.com customers targeted in hotel booking scam

Booking.com Customers Scammed in Novel Social Engineering Campaign - Booking.com customers are being targeted by a novel social engineering campaign, which is "Paying serious dividends" for cybercriminals, according to new research by Secureworks. The researchers said the campaign, which they believe has been running ...
10 months ago Infosecurity-magazine.com
Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer - The 'How To' guide for targeting Booking.com customers is being offered for sale on the dark web, as well as on underground cybercrime forums, including Russian-speaking platforms such as XSS.IS. Cybersecurity firm Secureworks is alerting Booking.com ...
10 months ago Hackread.com
Booking.com customers targeted in hotel booking scam - Scammers are hijacking hotels' Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. Secureworks outlined an attack that occurred in October 2023, when a scammer ...
10 months ago Helpnetsecurity.com
Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
10 months ago Bbc.com
Cybercrims target hotel staff for management credentials The Register - Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season. Researchers at Sophos said the latest malware campaign targeting hotels involves sending emails that play on the emotions of staff, while ...
9 months ago Go.theregister.com
Check Point Research Unfolds: Navigating the Deceptive Waters: Unmasking A Sophisticated Ongoing NFT Airdrop Scam - Sophisticated Scam Targeting Token Holders: Over 100 popular projects' token holders targeted with fake NFT airdrops appearing from reputable sources. Multi-Stage Deception Uncovered: The ongoing Scam involves enticing victims to fraudulent websites ...
8 months ago Blog.checkpoint.com
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores - giving them greater apparent validity to ...
1 year ago Securityweek.com
8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin - The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, ...
1 week ago Wordfence.com
Week in review: Booking.com hotel booking scam, Kali Linux 2023.4 released - Advanced ransomware campaigns expose need for AI-powered cyber defenseIn this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI ...
10 months ago Helpnetsecurity.com
New Phishing Scam Hooks META Businesses with Trademark Threats - The phishing scam falsely asserts that the victim's Facebook page will be permanently deleted due to a post allegedly infringing on trademark rights. There is no actual infringement; it's all part of the scammer's malicious plan. In a recent wave of ...
8 months ago Hackread.com
Massive utility scam campaign spreads via online ads - When customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten and extort as much money from you as they ...
7 months ago Malwarebytes.com
Fraudsters make $50,000 a day by spoofing crypto researchers - Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X. To lure potential victims, the scammer uses a breach on major ...
10 months ago Bleepingcomputer.com
7 Months Inside an Online Scam Labor Camp - He had been kidnapped and forced to work for an abusive online scam operation. A man was abducted by a Chinese gang and forced to work in a scam operation. More than anything else, Neo Lu, a 28-year-old Chinese office worker, believed the gig would ...
9 months ago Nytimes.com
Hospitality Hackers Target Hotels' Booking.com Logins - Cyberattackers are hitting the digital road, looking to make some virtual stops at various hotels that contract with Booking.com to sell rooms. The idea is to phish the hotels' backend Booking.com logins, with the aim of taking over the accounts and ...
9 months ago Darkreading.com
Is that survey real or fake? How to spot a survey scam - Online surveys and quizzes are all over the internet. They're quick and cheap to set up, easy for recipients to fill out, and simple for researchers to interpret. It's no wonder that they remain a popular tool for marketers to reach and research ...
1 year ago Welivesecurity.com
Fake Recruiters Defraud Facebook Users via Remote Work Offers - A fresh wave of job scams is spreading on Meta's Facebook platform that aims to lure users with offers for remote-home positions and ultimately defraud them by stealing their personal data and banking credentials. The attackers dangle offers of ...
9 months ago Darkreading.com
Global malspam targets hotels, spreading Redline and Vidar stealers - The latest global malspam campaign targets the hotel industry, emphasizing the need to stay alert against such attacks at all times. Cybersecurity researchers at Sophos X-Ops have issued a warning to the hospitality industry about a sophisticated ...
9 months ago Hackread.com
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data - A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data. Cybersecurity researchers at Bloster AI have uncovered a new USPS Delivery ...
10 months ago Hackread.com
- In the contemporary landscape dominated by digital interconnectedness, the escalating menace of cybercrime has assumed unprecedented proportions. The latest threat on the horizon is the insidious 'SIM Swap' scam, an advanced scheme exploiting ...
9 months ago Cysecurity.news
Indian police arrest five accused of trafficking people into scam compounds - On May 27, the National Investigation Agency said it had searched locations across six states and seized evidence like digital devices and bogus employment letters. Southeast Asia's cyber fraud industry, which is run primarily by Chinese organized ...
4 months ago Therecord.media
Identity Crisis: 14 Million Individuals at Risk After Mortgage Lender's Data Breach - Mr Cooper, the private mortgage lender, has now admitted almost 14.7 million individuals' private data has been stolen in a previous IT security breach, which resulted in the theft of their addresses and bank account numbers, but it is estimated the ...
9 months ago Cysecurity.news
T-Mobile Data Breach Affects 37 Million Customers: What You Should Know - T-Mobile recently announced that a data breach of its API had impacted the personal records of over 37 million customers. The breach occurred on the T-Mobile website, and could have allowed unauthorized users to access customer data such as name, ...
1 year ago Heimdalsecurity.com
Okta warns of credential stuffing attacks targeting its CORS feature - Okta warns that a Customer Identity Cloud feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April. Okta is a leading identity and access management company providing cloud-based ...
4 months ago Bleepingcomputer.com
Cyber Crime Wave: Chinese Scammers Target Europe with Fake Designer Brands - In the last couple of weeks, there has been an increase in the number of people who have been duped into sharing their card details and other personal information with a network of fake online designer shops that are operated from China, which appear ...
4 months ago Cysecurity.news
How to Protect Yourself from Job Scams: Essential Tips - The internet is a powerful tool in our career search, but it also provides cyber criminals with information and tactics they can use to exploit and deceive people looking for work. Job scams are sadly prevalent on the web, and if you’re job ...
1 year ago Tripwire.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)