Hackers are targeting Booking.com users in a scam and selling stolen account details on the dark web. Cybersecurity company Secureworks revealed that hackers are exploiting hotel guests and offering Booking.com credentials on the dark web for up to $2,000.
A recent Secureworks report investigated an October 2023 attack in which the Vidar infostealer was used to steal a hotel’s Booking.com credentials. The breach gave the threat actor access to the Booking.com management portal, where they could communicate directly with guests and view upcoming bookings. The attack involved a deceptive email from a sender posing as a former guest who had lost an identification document. The sender later provided a Google Drive link with alleged images of the lost document and check-in details, and the link led to the download of a ZIP file containing the Vidar infostealer.
The stolen credentials enabled the threat actor to access the hotel’s Booking.com account without multi-factor authentication, allowing them to send messages to guests and initiate fraudulent activities. Threat actors also directed victims to malicious URLs to input payment details, leading to fraudulent transactions.
Secureworks recommends that organizations in the hospitality sector raise awareness among employees about this campaign and enforce multi-factor authentication on Booking.com accounts. Additionally, individual customers are advised to exercise caution regarding emails or app messages requesting payment details, as they may be part of fraudulent schemes.
As a result, it is essential for users to stay vigilant against such threats and avoid falling victim to these malicious activities.
Byline: Jace Dela Cruz