Getting your Trinity Audio player ready... |
Hackers are using advertisements on dark web forums to target Booking.com customers more frequently and request assistance in locating victims.
Cybercriminals are offering up to $2,000 (£1,600) for the login credentials as they continue to target hotel guests.
Customer funds have been transferred to cybercriminals since at least March.
The cunning strategies employed by the unidentified hackers are revealed by new research.
One of the biggest websites for travelers is Booking.com, however, users from the US, the Netherlands, Greece, Italy, Portugal, Indonesia, Singapore, and the UK have all complained online about being defrauded by the website.
Cybersecurity experts assert that while Booking.com has not been compromised, hackers have created means to gain access to the administration portals of specific hotels that make use of the service.
According to a Booking.com representative, the company is aware that hackers are targeting some of its lodging partners by “using a host of known cyber-fraud tactics.”
First, hackers are luring hotel employees into downloading a malicious program known as Vidar Infostealer, according to researchers at the cyber-security firm Secureworks.
To accomplish this, they send the hotel an email posing as a previous visitor who forgot their passport in their room.
Then, crooks send the employees a link on Google Drive claiming to have a picture of the passport on it. Rather than facilitating access to Booking.com, the link inadvertently infects staff computers with malware and scans hotel computers for it.
The hackers then gain access to all customers who have made reservations for hotels or vacations by logging into the Booking.com portal. After that, the hackers use the official app to message customers in an attempt to dupe them into paying them money rather than the hotel.
It seems that hackers are getting so much money from their attacks that they are now offering to pay thousands of dollars to thieves who share hotel portal access.
Director of threat intelligence for SecureWorks Counter Threat Unit Rafe Pilling says, “The scam is working and it’s paying serious dividends.”
“The high success rate of emails aimed at actual customers and seems to originate from reputable sources is probably the reason behind the demand for credentials. “This is the epitome of social engineering,” he declared.
In September, hackers using garbled English contacted Lucy Buckley via the Booking.com app and persuaded her to send them £200. She claims they posed as hotel employees in Paris, where she had made a reservation, and threatened to cancel it if she didn’t pay the money.
The actual hotel employees told her they were unaware of the payment once she sent the money. She took prompt action and was able to get a refund from her bank, which disclosed that her money had been transferred to a Moldovan account.
- Phishing hotel scam targets fans of Eurovision
- Arrested in Ukraine are ransomware hackers who are “wreaking havoc.”
A spokesperson for Booking.com said: “While this breach was not on Booking.com, we understand the seriousness for those impacted, which is why our teams work diligently to support our partners in securing their systems as quickly as possible and helping any potentially impacted customers accordingly, including with recovering any lost funds.”
Additionally, podcaster and cyber-security expert Graham Cluley almost fell for a scam involving money transfers to hackers.
In order to make it more difficult for hackers to log in illegally, he believes Booking.com hotels should use multi-factor authentication.
Though they might be up to much more, Booking.com has begun to show a warning notice at the bottom of chat windows. To stop recently created phony websites from being used to deceive customers into paying, for example, chat links should not point to websites that are older than a few days,” he said.
Customers of Booking.com suffer as hotels become a prime target for hackers
A new phishing campaign purports to target users of Booking.com, following a wave of attacks on the hospitality sector.
InfoStealer malware is being used by hackers to obtain sensitive information about guests’ reservations, including names, dates of booking, hotel information, and payment methods, according to Perception Point, the cyber security firm in charge of identifying the attack.
In order to instill a sense of urgency, attackers craft customized messages for Booking.com users via social engineering methods.
In order to pass the verification test, users are warned that they must submit their credit card information once more. If they don’t, they risk having their reservation canceled shortly.
Clicking allows customers to view personal details such as full name, length of stay, and hotel information.
The message expressly requests the complete payment method that the targets used to make the reservation, as the threat actors only possess a portion of it. The hackers immediately obtain users’ credit card or bank information if they re-enter it.
Perception Point claims that the most concerning part of this phishing campaign is that, in contrast to more conventional phishing techniques like a rogue email or a dubious SMS, the links are sent directly through Booking.com’s platform, giving the impression of authenticity.
Although the extent of the attacks is still unknown, Perception Point estimates that a single user may have lost thousands of dollars.
According to Peleg Cabra, senior product marketing manager at Perception Point, the hospitality industry has grown in popularity as a lucrative target for cybercriminals due to its abundance of financial and personal data.
“This reality is starkly brought to light by the recent phishing campaign targeting Booking.com users. This multi-pronged assault highlights the extent to which threat actors will go in order to take advantage of well-known and reliable platforms.
“They’re taking advantage of our users’ innate trust in these platforms by using InfoStealer malware to access guests’ booking details.”
Strengthening defenses, adjusting to new threats, and making sure that both businesses and consumers are informed about the evolving threat landscape are more important now than ever.