Booking.com confirms phishing attack against customers.
An infostealer malware campaign has been identified by Microsoft Threat Intelligence that targets victims with fake CAPTCHA tests to get users to execute malicious code to ultimately compromise Booking.com partner and customer accounts and financial data.
Booking.com Users Targeted By Storm-1865 Group To Steal Credentials
The Booking.com phishing campaign that has been unearthed by Microsoft Threat Intelligence analysts is known to employ the ClickFix threat, something I have reported before, which in turn uses fake CAPTCHA tests as a method of executing malicious code.
Specifically targeting individuals, mostly working in hospitality, funnily enough, the campaign has a broad reach: North America, Oceania, South and Southeast Asia, along with Northern, Southern, Eastern, and Western Europe. The common link being that emails are sent that purport to come from Booking.com, although the content varies wildly. It has been reported that everything from lures involving account verification and payment issues, requests from prospective guests, negative guest reviews and even online promotion opportunities have been used by the attackers.
The threat actors attempt to take advantage of human problem-solving tendencies by “displaying fake error messages or prompts that instruct target users to fix issues by copying, pasting, and launching commands that eventually result in the download of malware,” Microsoft said. It’s this use of specific user-interaction by way of typed commands and keyboard shortcuts that makes such ClickFix attacks so dangerous. They can slip through both “conventional and automated security features,” Microsoft warned.
Booking.com Systems Have Not Been Breached, Some Accommodation Partners And Customers Have Been Impacted
I reached out to Booking.com and a spokesperson provided me with the following statement, which I am publishing here in full.
Unfortunately, phishing attacks by criminal organizations pose a significant threat to many industries. While we can confirm that Booking.com’s systems have not been breached, we are aware that unfortunately some of our accommodation partners and customers have been impacted by phishing attacks sent by professional criminals, with the criminal intent of taking over their local computer systems with malware. The actual numbers of accommodations affected by this scam are a small fraction of those on our platform and we continue to make significant investments to limit the impact on our customers and partners. We are also committed to proactively helping our accommodation partners and customers to stay protected. We also provide ongoing cybersecurity education and resources to our partners to enhance their defenses against such threats. Should a customer have any concern about a payment message, we ask them to carefully check the payment policy details on their booking confirmation to be sure that the message is legitimate. Customers are also encouraged to report any suspicious messages to our 24/7 customer service team or by clicking on ‘report an issue’ which is included in the chat function. It is important to note that we would never ask a customer to share payment information via email, chat messages, text messages, or phone. We urge our customers and partners to remain vigilant. If you encounter any communication that seems suspicious or requests sensitive information through unofficial channels, please do not engage. Report it immediately to our customer service team through official Booking.com channels. Our Trust and Safety Resource Center offers additional guidance on recognizing and avoiding phishing attempts.
