Powered by MOMENTUM MEDIA

Hoteliers beware! Scams targeting Booking.com on the rise ahead of Easter

Hotel owners are being targeted by scammers using fake reviews to trick them into responding and compromising their systems.

David Hollingworth
Fri, 14 Mar 2025

Analysts at Microsoft have been tracking a phishing campaign targeting hotel owners via online travel service Booking.com.

The campaign – tracked by Microsoft as Storm-1865 – uses a social engineering technique known as ClickFix, whereby the scammer pretends to be either a customer looking for accommodation and concerned about a negative review on Booking.com, or a representative of Booking.com itself.

While the initial emails may vary in content, what they have in common is either a link – or a PDF containing a link – that appears to lead to Booking.com but is, in fact, a fake site complete with a fake CAPTCHA in order to convince the victim the site is secure and legitimate.

However, the CAPTCHA prompts the victim to open a Windows Run window and paste in a command provided by the web page. This, in turn, delivers a payload to the victim’s device that installs several malware varieties, including Lumma stealer, VenomRAT, AsyncRAT, and Danabot.

All of these malware types are capable of stealing credentials and financial information.

“The rise in activity from threat actors who impersonate trusted brands like Booking.com, highlights the importance of bringing great transparency to both businesses and consumers alike about phishing scams and what signs they need to look out for so they aren’t the next victim,” Mark Anderson, national security officer at Microsoft Australia and New Zealand, told Cyber Daily.

“As we approach the extended breaks in April or those Aussies looking for a winter escape, accommodation providers are likely dealing with an influx of bookings and emails. Bad actors prey on urgency, and when email volume is high, that’s when people get caught up in trying to respond to things quickly, and don’t always stop and consider whether the email they have received is a phishing attempt.”

According to Anderson, smaller operations, such as boutique hotels, family-run businesses, and owners of private homes who lease them out to travellers, are most at risk, as they lack the cyber security awareness of larger hotel chains.

“By sharing these threats and helping educate Australians [about] phishing risks, such as verifying email senders and being wary of urgent calls to action, we can significantly reduce the risk of falling victim to these sophisticated attacks. Staying informed and cautious is key to enjoying a safe and worry-free holiday season.”

Microsoft suggests verifying the origin of all emails and contacting the service provider directly if in doubt.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.