
Warning about a phishing scam that impersonates Booking.com.
If you work in the hospitality industry and receive a message in your inbox from a disgruntled guest on Booking.com, it is important to be on alert.
Recently, there has been a warning about a new phishing campaign targeting individuals linked to the hospitality sector. The threat consists of fraudulent emails posing as messages from Booking.com, where a supposed guest expresses discontent. Microsoft has identified this scam, which has been active since December of the previous year and employs a social engineering tactic known as ClickFix.
In these deceptive emails, the content varies widely: complaints, account verification requests, and inquiries from prospective guests. Each message contains a link or a PDF file that supposedly leads to the official Booking.com page where the reported issue can be resolved. Clicking the link instead takes the victim to a page that imitates a CAPTCHA and instructs them to execute a command in the Windows Run dialog, which installs malware on their system. This malware is capable of stealing financial information and credentials, and the technique matches the methods used by a group of cybercriminals tracked as Storm-1865.
Although phishing scams are common nowadays, this case is particularly sophisticated because it exploits the anxiety that hospitality professionals feel about customer satisfaction. To reduce the risk of falling for these phishing attempts, Microsoft advises verifying the sender's email address, being wary of messages that create a sense of urgency, and hovering over links to see the full address before clicking. When in doubt, it is recommended to go directly to the service provider's website, in this case Booking.com, rather than following links from suspicious emails.
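The two checks recommended above (does the sender really belong to the brand, and where does each link actually point) can be automated for a help desk or SOC mailbox. The following script is an added example, not code from the original article, from Microsoft or from Booking.com. The two email messages in it are constructed for the example, the `.example` domains are placeholders rather than real indicators, and the `TRUSTED_DOMAINS` list and the "last two labels" domain reduction are simplifying assumptions; a real deployment would use the brand's published sending domains and a public-suffix list.

```python
"""Triage an inbound "Booking.com guest complaint" email for phishing tells.

Added example (not code from the original article, Microsoft or Booking.com).
Implements the checks the article recommends: is the visible sender really
a brand domain, and where does each link actually go? It also flags a
Reply-To that differs from From and the urgency wording these lures rely on.
"""
from email import policy
from email.parser import Parser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: the brand's legitimate sending domains.
TRUSTED_DOMAINS = {"booking.com"}

# Phrases that urgent "complaint" lures lean on (constructed list).
URGENCY_TERMS = ("immediately", "within 24 hours", "suspended", "urgent", "verify")

# Constructed phishing sample. The visible link text looks like the brand,
# but the href host is a lookalike subdomain on a placeholder domain.
PHISH_EMAIL = """\
From: "Booking.com Partner Support" <support@booking-partner-alerts.example>
Reply-To: <guest-complaints@mail-relay.example>
To: frontdesk@hotel.example
Subject: Guest complaint - action required within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A guest has left a complaint about their stay. Your listing will be
suspended unless you respond immediately.</p>
<p><a href="https://booking.com.guest-review.example/verify?id=12345">https://admin.booking.com/complaints</a></p>
</body></html>
"""

# Constructed legitimate sample for comparison (addresses are placeholders).
LEGIT_EMAIL = """\
From: "Booking.com" <noreply@booking.com>
To: frontdesk@hotel.example
Subject: New reservation
Content-Type: text/html; charset="utf-8"

<html><body><p>You have a new reservation.</p>
<p><a href="https://admin.booking.com/">Open the extranet</a></p></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs plus all visible text from HTML."""

    def __init__(self):
        super().__init__()
        self.links = []        # list of [href, visible text]
        self.text = []         # all character data, for wording checks
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]
            self.links.append(self._current)

    def handle_data(self, data):
        self.text.append(data)
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._current = None


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its last two labels (assumption: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def header_domain(addr_header: str) -> str:
    """Domain of the address in a From/Reply-To header, ignoring the display name."""
    _, addr = parseaddr(addr_header)
    return addr.rpartition("@")[2].lower()


def triage(raw_message: str) -> dict:
    """Return sender domain, link targets and a list of human-readable findings."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    findings = []

    # Check 1: the real sender domain, not the display name, must be the brand's.
    from_dom = header_domain(msg.get("From", ""))
    if registrable_domain(from_dom) not in TRUSTED_DOMAINS:
        findings.append(f"sender domain {from_dom!r} is not a trusted brand domain")

    reply_to = msg.get("Reply-To")
    if reply_to and header_domain(reply_to) != from_dom:
        findings.append(f"Reply-To domain {header_domain(reply_to)!r} differs from From")

    # Check 2: where each link really goes, regardless of its visible text.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    collector = _LinkCollector()
    collector.feed(html)
    for href, visible in collector.links:
        host = urlparse(href).hostname or ""
        if registrable_domain(host) not in TRUSTED_DOMAINS:
            findings.append(f"link text {visible.strip()!r} points to {host!r}")

    # Check 3: urgency wording in subject and visible body text.
    lowered = (msg.get("Subject", "") + " " + "".join(collector.text)).lower()
    hits = [t for t in URGENCY_TERMS if t in lowered]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    return {"from_domain": from_dom,
            "links": [h for h, _ in collector.links],
            "findings": findings}


if __name__ == "__main__":
    for label, sample in (("phish", PHISH_EMAIL), ("legit", LEGIT_EMAIL)):
        print(label, triage(sample)["findings"])
```

The parser deliberately ignores the display name ("Booking.com Partner Support") and the visible link text, because both are attacker-controlled; only the address domain and the href host carry signal, which is exactly what hovering over a link or expanding the sender reveals to a human reader.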