A 'How To' guide for targeting Booking.com customers is being offered for sale on the dark web, as well as on underground cybercrime forums, including Russian-speaking platforms such as XSS.IS. Cybersecurity firm Secureworks is alerting Booking.com customers to a recently identified scam in which hotels' Booking.com accounts are compromised to deceive users into divulging their payment details.
Researchers have observed that cybercriminals obtained hotel login credentials using the Vidar information stealer.
While this tool is not commonly employed in such scams, in this instance Vidar is used to gain access to the hotel's Booking.com portal.
This unauthorized access enables cybercriminals to peruse upcoming bookings and communicate directly with guests while posing as hotel staff.
Researchers from Secureworks Counter Threat Unit™ suspect that this may be part of a broader campaign specifically aimed at targeting Booking.com users.
Characterizing it as a carefully crafted scam, researchers highlight that the hackers devised an email aimed at gaining the trust of hotel employees.
The deceptive message purportedly originated from a former guest who reported losing their ID or other valuables, seeking assistance from the hotel staff to locate the items.
A link within the email, allegedly containing a photo of the lost item, actually served to install the Vidar infostealer.
Once activated, this malware steals the hotel's Booking.com login credentials, giving the attackers unauthorized access to guest reservation details.
The hook in this scam creates a sense of urgency for the guests.
The attacker contacts guests who have reservations at the hotel through Booking.com.
Guests receive urgent emails, apparently from the hotel, demanding immediate payment confirmation to avoid booking cancellation.
According to Secureworks' report, these emails lead guests to a fake website designed to look like Booking.com, which was created to steal their payment data.
The scammers then drain the guests' accounts using the stolen payment data.
They sell Booking.com credentials on the dark web for up to $2,000.
Although Booking.com hasn't been directly breached, the company is cooperating with impacted hotels to improve security and help affected customers.
The company emphasized using machine learning to detect suspicious activity and advised hotels and customers to stay vigilant and never provide payment details without verifying the website.
Hotels should be especially cautious of suspicious emails and enable multi-factor authentication on Booking.com and other platforms to add an extra layer of security.
Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, shared his comments with Hackread.com, stating that this scam is designed to target hotels with good reputations.
This Cyber News was published on www.hackread.com. Publication date: Mon, 04 Dec 2023 17:43:05 +0000