Booking.com Phishing Scam Targets Hospitality Workers

This phishing campaign, active since December 2024, uses deceptive emails disguised as Booking.com communications to trick hospitality workers into downloading malware. These emails exploit concerns about guest satisfaction, ranging from fabricated complaints to requests for information or account verification. Included within these emails is a link, or a PDF containing a link, purportedly directing the recipient to Booking.com to address the issue.

The deceptive link leads to a webpage mimicking a Booking.com site, overlaid with a fraudulent CAPTCHA. This CAPTCHA prompts the user to open the Windows Run command and paste in a malicious code snippet, which downloads malware onto their system. This malware is designed to steal financial information and login credentials. Microsoft Threat Intelligence connects this tactic to a previous phishing operation attributed to a group known as Storm-1865.

This sophisticated attack plays on the pressures faced by hospitality professionals to maintain positive guest experiences. While phishing attacks are common, this campaign’s targeted approach underscores the importance of vigilance. Microsoft recommends several protective measures:

  • Verify the sender’s email address: Carefully scrutinize the email address for inconsistencies or discrepancies.

  • Beware of urgency: Be skeptical of messages demanding immediate action or highlighting urgent threats.

  • Preview links: Hover your mouse over embedded links to reveal the full URL before clicking. This can help identify suspicious destinations.

  • Access services directly: When in doubt, bypass links within emails and navigate directly to the service provider’s website (e.g., Booking.com) through your browser.
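
The "preview links" check above can be applied automatically to an HTML message body. The following is an added example, not code from Microsoft or from this article: it flags links whose visible text or hostname names Booking.com while the real target is a different domain. The `TRUSTED` value, the function names and the sample body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "booking.com"  # assumption: the only domain treated as legitimate here

class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _is_trusted(host):
    # Exact match or a true subdomain; "booking.com.evil.example" does not pass.
    return host == TRUSTED or host.endswith("." + TRUSTED)

def audit_links(html_body):
    """Return (href, reasons) for each link whose real target is suspect."""
    parser = _Anchors()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        reasons = []
        if not _is_trusted(host):
            if "booking" in text.lower():
                reasons.append("text names Booking.com, target does not")
            if "booking" in host:
                reasons.append("lookalike host")
        if host.startswith("xn--") or ".xn--" in host:
            reasons.append("punycode host")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body; the .example hosts are placeholders, not campaign indicators.
SAMPLE = """
<p>A guest left a complaint. <a href="https://booking.com.guest-review.example/r?id=1">Open in Booking.com</a></p>
<p><a href="https://admin.booking.com/hotel/">Extranet</a></p>
<p><a href="https://cdn.mailer.example/unsubscribe">Unsubscribe</a></p>
"""
```

Calling `audit_links(SAMPLE)` returns only the first link, with both the text-mismatch and lookalike-host reasons.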

This ongoing campaign highlights the evolving nature of phishing threats and reinforces the need for continuous caution and proactive security measures. By following these recommendations, hospitality workers can better protect themselves and their businesses from falling victim to these malicious schemes.

Conclusion: Remaining vigilant and employing these preventative strategies is crucial for mitigating the risks associated with sophisticated phishing campaigns like this one targeting the hospitality sector.
