Security researchers have uncovered a multi-step information stealing campaign that targets hotels, booking sites, and travel agencies in order to steal customers’ financial data. The hackers use social engineering techniques to gain access to the systems and then send phony URLs to customers under the guise of special requests or medical conditions. The URLs lead to info-stealing malware that collects sensitive information. The attackers then use the compromised entity’s messaging platform to send phishing messages to customers, disguised as legitimate requests for additional credit card verification. The message is convincing and eliminates suspicion of foul play. The victims receive a link for card verification that triggers an executable encoded in a complex JavaScript script, leading to a fake Booking.com payment page. While the scam is sophisticated, users should be cautious of unsolicited links and check for signs of deception in URLs. To protect against complex phishing campaigns, it is best to contact the company directly to confirm the message’s authenticity.
https://www.bleepingcomputer.com/news/security/hotel-hackers-redirect-guests-to-fake-bookingcom-to-steal-cards/