The Register: That ‘angry guest’ email from Booking.com? It’s a scam, not a 1-star review

Source URL: https://www.theregister.com/2025/03/13/bookingdotcom_phishing_campaign/
Source: The Register
Title: That ‘angry guest’ email from Booking.com? It’s a scam, not a 1-star review

Feedly Summary: Phishers check in, your credentials check out, Microsoft warns
An ongoing phishing campaign disguised as a Booking.com email casts keystroke and credential-stealing malware into hospitality employees’ inboxes for financial fraud and theft, according to Microsoft Threat Intelligence.…

AI Summary and Description: Yes

Summary: The text highlights a phishing campaign that targets hospitality employees through fraudulent emails impersonating Booking.com. This campaign, attributed to threat actor group Storm-1865, utilizes social engineering to deploy credential-stealing malware, showcasing evolving tactics in financial fraud and malware distribution.

Detailed Description:

– The phishing campaign, identified by Microsoft Threat Intelligence, has been ongoing since December and is characterized by emails that appear to come from Booking.com, aimed primarily at hospitality employees.
– Attackers employ social engineering tactics, utilizing recognizable brands to lower victims’ defenses and encourage interaction with malicious content.
– Key points regarding the campaign include:
  – **Target Groups**: Specifically targets hospitality employees across North America, Oceania, South and Southeast Asia, and Europe.
  – **Tactics**: Emails often feature varied content to elicit immediate reactions, referencing negative reviews, account verification, or promotional opportunities.
  – **Malicious URLs**: Links in the emails lead to attacker-controlled websites disguised as Booking.com, incorporating fake CAPTCHA puzzles to trick users into executing harmful commands.
  – **ClickFix Technique**: This method prompts victims to perform the actions themselves (e.g., opening Windows Run and pasting commands) that ultimately download malware. Because the user runs the command, the attack is more likely to evade standard security measures.
  – **Targets of Theft**: The payloads focus on stealing credentials and financial information, aligning with the historical operations of Storm-1865 noted for financial fraud campaigns.
– The report indicates that these phishing efforts have been increasing in volume and complexity, demonstrating the persistent threat posed by organized cybercriminal groups.
– Microsoft did not disclose the geographic origin of Storm-1865 or the number of affected organizations, so the overall impact of the campaign remains unclear.

This highlights the need for robust security measures, employee training, and vigilance against phishing attempts, especially in sectors like hospitality where employees have access to sensitive information. Organizations should consider implementing advanced email filtering and user verification processes to mitigate such threats.
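
One check that follows from the ClickFix step described above: commands launched through the Windows Run dialog are recorded per user in the `RunMRU` registry key (`HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`), so exported values can be triaged for pasted commands. The following is an added example, not code from the article or from Microsoft; the program list, the patterns and the sample values are assumptions constructed for illustration.

```python
import re

# Programs able to fetch or run remote content; list and patterns are assumptions.
SCRIPT_HOSTS = {"mshta", "powershell", "pwsh", "cmd", "wscript", "cscript",
                "curl", "certutil", "bitsadmin", "rundll32", "regsvr32", "msiexec"}
SIGNALS = {
    "remote URL": re.compile(r"https?://[^\s\"']+", re.IGNORECASE),
    "encoded command": re.compile(r"\s-(e|enc|encodedcommand)\s", re.IGNORECASE),
    "CAPTCHA-style lure text": re.compile(r"not a robot|captcha|verif", re.IGNORECASE),
}

# Constructed sample RunMRU values; Windows stores each with a trailing "\1".
SAMPLE_RUNMRU = [
    r"notepad\1",
    r"cmd\1",
    r"\\fileserver\reservations\1",
    r"https://intranet.example.invalid/rota\1",
    r"mshta https://captcha.example.invalid/c # I am not a robot: ID 1234\1",
    r"powershell -w hidden -enc <BASE64_PLACEHOLDER>\1",
]


def normalize(value):
    """Strip whitespace and the trailing '\\1' marker of a RunMRU value."""
    return re.sub(r"\\1$", "", value.strip())


def first_binary(command):
    """Lower-cased name of the launched program, without path or .exe."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    token = (m.group(1) or m.group(2)) if m else ""
    name = re.split(r"[\\/]", token)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def score_entry(value):
    """Return the reasons an entry looks like a pasted ClickFix command."""
    command = normalize(value)
    if first_binary(command) not in SCRIPT_HOSTS:
        return []  # plain program names, shares and bare URLs are normal use
    return [label for label, rx in SIGNALS.items() if rx.search(command)]


if __name__ == "__main__":
    for value in SAMPLE_RUNMRU:
        print(normalize(value), "->", ", ".join(score_entry(value)) or "no signals")
```

An entry is flagged only when a script host or download-capable program is combined with a second signal, so a front-desk user who types `cmd` or a share path into Run does not generate an alert.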