
Watch out for Booking.com phishing scams targeting travelers


TLDR:

  • Cybercriminals are conducting a sophisticated phishing attack targeting Booking.com.
  • The attack involves compromising hotel manager accounts and scamming customers through the Booking.com app.

Cybercriminals have launched a sophisticated phishing attack targeting Booking.com, one of the world’s leading online travel platforms. This attack, characterized by its complexity and high success rate, has been evolving over the past year, posing significant risks to hotel managers and customers. The attackers compromise the Booking.com accounts of hotel managers in the first phase of the attack, allowing them to access sensitive information and communication channels. In the second phase, they exploit these compromised accounts to scam hotel customers through the official Booking.com app.

One of the key tactics used in the attack is the creation of a fake domain that resembles a legitimate Booking.com subdomain used by hotel managers. The attackers trick hotel managers into entering their login credentials on the fake portal, allowing them to harvest sensitive information. Using JavaScript obfuscation techniques, the attackers make it difficult for automated tools and researchers to analyze the code. They also utilize Session Traversal Utilities for NAT (STUN) binding requests to facilitate communication with compromised systems.
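As an added illustration (not code from the article or from Booking.com), the Python sketch below shows one way a defender could triage hostnames from proxy or DNS logs for names that imitate the brand without belonging to it. The sample hostnames are constructed, and the digit-swap list and the edit-distance threshold of 1 are assumptions to tune against real traffic.

```python
import re

BRAND_DOMAIN = "booking.com"               # brand named in the article
BRAND_LABEL = BRAND_DOMAIN.split(".")[0]   # "booking"
# Digit-for-letter swaps often seen in lookalike names (assumed list).
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for one hostname."""
    host = host.strip().lower().rstrip(".")
    # Only the brand domain itself or a true subdomain of it is legitimate.
    if host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN):
        return "legitimate"
    # Split on dots and hyphens so 'extranet-b00king' yields 'b00king',
    # then undo digit swaps before comparing with the brand label.
    tokens = [t.translate(SWAPS) for t in re.split(r"[.\-]", host) if t]
    for tok in tokens:
        if BRAND_LABEL in tok or edit_distance(tok, BRAND_LABEL) <= 1:
            return "lookalike"
    return "unrelated"


def flag_lookalikes(hosts):
    """Keep only the hostnames that deserve an analyst's attention."""
    return [h for h in hosts if classify_host(h) == "lookalike"]


# Constructed sample hostnames standing in for proxy or DNS log entries.
SAMPLE = [
    "www.booking.com",
    "www.booking.com.partner-login.example",
    "extranet-b00king.example",
    "bookinq.example",
    "www.example.org",
]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{h:42} {classify_host(h)}")
```

A match is a lead for review rather than a verdict: the check looks only at the name, so it says nothing about what the host actually serves.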

The attackers employ dynamic cloaking to avoid detection by showing different content based on specific conditions, such as the user’s IP address or browser settings. A central hub iFrame links to numerous phishing pages targeting Booking.com and similar sites, giving attackers centralized control and valuable analytics data. Travelers and hotel managers are urged to remain vigilant and take proactive steps to protect themselves against evolving cyber threats.
