Security researchers have uncovered a sophisticated multi-step information-stealing campaign that targets hotels, booking sites, and travel agencies to access customers’ financial data. The cybercriminals employ a unique approach, utilizing a fake Booking.com payment page, which significantly enhances their success rate in collecting credit card information.
The attack begins with a seemingly innocuous query about a reservation or a reference to an existing booking. Once communication is established, the criminals manipulate victims into clicking a URL that leads to info-stealing malware. This malware operates covertly, extracting sensitive data such as credentials and financial information.
What sets this campaign apart is its ability to target the customers of the compromised entities after successfully executing the info-stealer on the initial target, usually a hotel. By maintaining direct and trusted communication channels, the cybercriminals send phishing messages that appear to be legitimate requests from the compromised hotel, booking service, or travel agency. These messages request additional credit card verification in persuasive, professional-sounding language, making it difficult for victims to suspect foul play.
Despite the attackers' sophisticated techniques, individuals are advised to remain cautious, avoid clicking on unsolicited links, scrutinize messages for signs of urgency, and verify the authenticity of URLs. Contacting the company directly through official channels for clarification can also help safeguard against complex phishing campaigns.