Booking.com hackers increase attacks on customers

Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are staying with them. Since at least March, customers have been tricked into sending money to cyber-criminals. New research shows the sneaky tactics being used by the unknown hackers. Booking.com is one of the largest websites for holidaymakers, but customers from the UK, Indonesia, Singapore, Greece, Italy, Portugal, the US and Netherlands have complained online about being victims of fraud through the website. Cyber-security experts say Booking.com itself has not been hacked, but criminals have devised ways to get into the administration portals of individual hotels which use the service. A Booking.com spokesman said the company is aware that some of its accommodation partners are being targeted by hackers using "Using a host of known cyber-fraud tactics". Researchers at cyber-security company Secureworks say hackers are first tricking hotel staff into downloading a malicious piece of software called Vidar Infostealer. Instead the link downloads malware on to staff computers and automatically searches the hotel computers for Booking.com access. Then the hackers log into the Booking.com portal allowing them to see all customers who currently have room or holiday reservations. The hackers then message customers from the official app and are able to trick people into paying money to them instead of the hotel. Hackers appear to be making so much money in their attacks that they are now offering to pay thousands to criminals who share access to hotel portals. "The demand for credentials is likely so popular because it's seeing a high success rate, with emails targeting genuine customers and appearing to come from a trusted source. It's social engineering at its best," he said. Lucy Buckley was contacted through the Booking.com app in September by hackers using broken English, who convinced her to send them £200. She says they pretended to staff at the Paris hotel where she had booked a room, saying that she must pay the money or her reservation would be lost. After she sent the money, the real hotel staff informed her they had no knowledge of the payment. A Booking.com spokesman said: "While this breach was not on Booking.com, we understand the seriousness for those impacted, which is why our teams work diligently to support our partners in securing their systems as quickly as possible and helping any potentially impacted customers accordingly, including with recovering any lost funds." Cyber-security expert and podcaster Graham Cluley was also nearly tricked into sending money to hackers. He says Booking.com hotels should implement multi-factor authentication to make it harder for criminals to log in illegally. "Booking.com has started displaying a warning message on the bottom of chat windows, but they could be doing much more than this. For instance, not allowing any links to be included in chat which go to websites that are less than a few days old would prevent freshly-made fake sites being used to trick customers into paying," he said.

This Cyber News was published on www.bbc.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Booking.com hackers increase attacks on customers

Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
1 year ago Bbc.com
Booking.com Customers Scammed in Novel Social Engineering Campaign - Booking.com customers are being targeted by a novel social engineering campaign, which is "Paying serious dividends" for cybercriminals, according to new research by Secureworks. The researchers said the campaign, which they believe has been running ...
1 year ago Infosecurity-magazine.com
Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer - The 'How To' guide for targeting Booking.com customers is being offered for sale on the dark web, as well as on underground cybercrime forums, including Russian-speaking platforms such as XSS.IS. Cybersecurity firm Secureworks is alerting Booking.com ...
1 year ago Hackread.com
Booking.com customers targeted in hotel booking scam - Scammers are hijacking hotels' Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. Secureworks outlined an attack that occurred in October 2023, when a scammer ...
1 year ago Helpnetsecurity.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Identity Crisis: 14 Million Individuals at Risk After Mortgage Lender's Data Breach - Mr Cooper, the private mortgage lender, has now admitted almost 14.7 million individuals' private data has been stolen in a previous IT security breach, which resulted in the theft of their addresses and bank account numbers, but it is estimated the ...
11 months ago Cysecurity.news
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
11 months ago Blog.checkpoint.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
T-Mobile Data Breach Affects 37 Million Customers: What You Should Know - T-Mobile recently announced that a data breach of its API had impacted the personal records of over 37 million customers. The breach occurred on the T-Mobile website, and could have allowed unauthorized users to access customer data such as name, ...
1 year ago Heimdalsecurity.com
Microsoft notifies UK customers affected by hackers abusing 'verified publisher' tag - Microsoft said it has notified customers impacted by a campaign that involved the abuse of the company's "Verified publisher" status to allow access to a victim's cloud environments. Accounts can gain verified publisher status when an app publisher ...
1 year ago Therecord.media
Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
1 year ago Bloomberg.com
Ransomware Attacks in November Rise 67% From 2022 - Global levels of ransomware attacks rose 30% in November, with a total of 442 attacks, following a lower volume of attacks in October according to NCC Group's November Threat Pulse. As the third most active month of the year, ransomware levels in ...
1 year ago Darkreading.com
10 Million JD Sports Customers Impacted by Security Breach Hackers Steal Customer Details from Sports Fashion Retailer Data Breach at JD Sports Affects 10 Million Customers - If you've purchased trainers from sports fashion retailer JD Sports in the past, your personal details could now be in the hands of hackers. Customers of the UK high street retailer are being contacted with a warning that cybercriminals have accessed ...
1 year ago Bitdefender.com
Staying Ahead of Adversarial AI with Incident Response Automation - The security operations community constantly seeks advancements in incident response. Consolidating security telemetry data, upgrading your organization's cybersecurity posture, and integrating with various artificial intelligence and machine ...
5 months ago Securityboulevard.com
Cybercrims target hotel staff for management credentials The Register - Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season. Researchers at Sophos said the latest malware campaign targeting hotels involves sending emails that play on the emotions of staff, while ...
1 year ago Go.theregister.com
Accelerating Your Journey to the 128-bit Universe - The 2023 National Cybersecurity Strategy requires acceleration of your agency's mission to go boldly into the 128-bit address space universe with greater speed and urgency. IPv6-only is the addressing standard for the U.S. Federal Government, ...
1 year ago Feedpress.me
Secure email gateways struggle to keep pace with sophisticated phishing campaigns - In 2023, malicious email threats bypassing secure email gateways increased by more than 100%, according to Cofense. In just two years, Cofense identified over 1.5 million malicious emails bypassing their customers' SEGs, signaling a 37% increase in ...
9 months ago Helpnetsecurity.com
Week in review: Booking.com hotel booking scam, Kali Linux 2023.4 released - Advanced ransomware campaigns expose need for AI-powered cyber defenseIn this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI ...
1 year ago Helpnetsecurity.com
Cohesity partners with NVIDIA to harness the power of generative AI - Cohesity announced a collaboration with NVIDIA to help organizations safely unlock the power of generative AI and data using the recently announced NVIDIA NIM microservices and by integrating NVIDIA AI Enterprise into the Cohesity Gaia platform. ...
9 months ago Helpnetsecurity.com
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
1 year ago Bleepingcomputer.com
T-Mobile Hacked Again: 37 Million Customers Data Stolen - Security experts have sounded alarm bells again as the news surfaced that T-Mobile was hacked once again. This time, the personal data of around 37 million customers have been stolen by hackers. ...
1 year ago Grahamcluley.com
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
10 months ago Bleepingcomputer.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
5 months ago Securityweek.com
Digital Technologies Power Global Operations but Present Growing Risks - As more and more industries and businesses turn to digital technologies in order to power their operations, cyber-attacks present a larger and more widespread threat for organizations and enterprises all over the world. The frequency and severity of ...
10 months ago Cyberdefensemagazine.com
Investing in Cloud Infrastructure in the Kingdom of Saudi Arabia - Digital transformation is at the heart of the Kingdom of Saudi Arabia's ambitious Vision 2030 program as the nation looks to future-proof its economy and enhance people's lives. The Kingdom is looking to diversify its economy and develop public ...
6 months ago Paloaltonetworks.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)