Booking.com confirms the PHSIHING attack against customers.
A Malware Infostealer’s campaign has been identified by the intelligence of Microsoft’s threat aimed at victims with fake CAPTCHA tests to make the user execute the code with maliciously to finally compromise partner and customer accounts and financial data.
Booking.com Target users from Storm-1865 group to steal credentials
The Phishing Booking.com campaign that has been discovered by Microsoft Craving’s intelligence analysts is known to use the CLICKFIX threat, something I have reported before, which in turn uses false CAPTCHA tests as a malignant code execution method.
Specifically aiming at individuals, mainly working on hospitality, enough, the campaign has a wide reach: North America, Oceania, South and Southeast Asia, along with northern, southern, eastern and western Europe. The usual link is that emails are sent to that goal to come from Booking.com, though the content changes wildly. It is reported that everything from the seductions involving account verification issues and payments, requests from future guests, negative friends reviews and even internet promotion opportunities have been used by attackers.
Threat actors try to take advantage of the trends in solving human problems by “displaying wrong false messages or incentives that guide the target users to adjust the issues by copying, adjacent and launched commands that eventually result in malware discharge,” Microsoft said. This use of specific user interaction through printed commands and keyboard shortcuts that make such dangerous click attacks. They can switch to both “conventional and automated security features,” Microsoft warned.
Booking.com Systems have not been violated, some accommodation partners and customers have been affected
I arrived at Booking.com and a spokesman gave me the following statement, which I am publishing here completely.
Unfortunately, Phishing attacks by criminal organizations pose a significant threat to many industries. While we can confirm that Booking.com systems have not been violated, we are aware that unfortunately some of our accommodation partners and clients have been influenced by Phishing attacks sent by professional criminals, with the criminal intention of taking on their local computer systems with malware. The current number of accommodations affected by this scam are a small part of those on our platform and we continue to make important investments to limit impact on our customers and partners. We are also committed to actively assisting our accommodation partners and staying protected. We also provide continued internet security education and resources for our partners to increase their protection against such threats. If a client has any concerns for a payment message, we ask them to carefully check the details of the payment policy in confirming their booking to be sure that the message is legal. Customers are also encouraged to report any suspicious message to our 24/7 customer service team or by clicking on ‘Report an issue’ that is involved in the conversation function. It is important to note that we will never ask a client to share payment information via email, conversation messages, text messages or phone. We encourage our clients and partners to remain vigilant. If you encounter any communication that seems suspicious or requires sensitive information through unofficial channels, please do not engage. Report to our customer service team immediately through official Booking.com channels. Our trust and safety resource center offers additional guidelines for recognizing and avoiding phishing efforts.