Bad news for vacationers and for the Booking.com site: hackers are deploying a new tactic to steal banking data. An indirect and rather well-crafted approach that seems to work wonderfully.
While some hackers focus on specific services, such as Midnight Blizzard with Microsoft Teams or law firms, others remain in more classic theft. For example, this year we are seeing an increase in Magecart attacks, which target banking data on e-commerce platforms.
This time, it is the field of tourism and online booking that is being targeted. Instead of attacking customers directly, hackers prefer to infiltrate the systems of hotels and vacation shopping sites. Example with the well-known site Booking.com.
Indirect, but effective hacking
THE modus operandi put forward by security researchers is very well oiled. Hackers begin their attack by establishing a link with a hotel, pretending to be a new reservation or targeting an existing one. Then, they send a URL to the establishments they have in their sights.
The URL is actually a decoy, which will be used to collect data. Hackers cite a specific reason to justify this sending: request for additional confirmation of the reservation or medical justification, for example. Targeted companies, convinced that they are dealing with a real customer, click on the trapped URL. But behind this harmless link lies software programmed to steal sensitive data discreetly.
A professionally designed lure
This whole thing is the first step in deception. An observation established by the company Akamai (American company providing servers for businesses) shows that the attack continues after that. As soon as the link is established with a hotel, hackers can establish direct communication with the people who have booked a stay. A phishing message is then sent to them, perfectly imitating an official message.
In it, customers are asked for additional verification of their credit cards. It is formulated so that they understand that the situation is urgent, for example with the threat of cancellation of a current reservation. Once the bait is launched, the victim clicks on the link in the message, which sends them directly to a fake page on the Booking.com site, similar in every way to the official one (see screenshot below). -above). Convinced that they are facing the real site, people enter their credit card number, and that’s it for the hackers!
Although very worrying, it must be admitted that these phishing techniques are well-crafted. One more reason to always remain on guard when receiving messages of an urgent nature or with a threatening tone. If in doubt, it is always better to contact the company concerned directly by telephone or email rather than clicking on a URL received by message. Phishing campaigns are becoming more and more sophisticated, and vigilance must be required at all levels.
Source : Bleeping Computer
2