Watch out for your personal information. New phishing campaign targets customers who have used the famous site Booking.com to book a hotel.
A little hack before going on vacation? As the end-of-year holidays arrive, a new report published by the cybersecurity company SecureWorks shows that more and more malicious hackers are attacking the customers of Booking.com, one of the most popular sites. best known for hotel and apartment reservations.
A simple Google Drive link
It is not precisely the Booking.com site that is targeted, but rather the hoteliers who use the system to manage their reservations. Using a piece of malicious code designed to steal usernames and passwords, criminals gain access to the Booking dashboard of certain establishments. From this platform, hackers can view upcoming reservations, customers’ personal information and send fraudulent emails.
Hacking itself relies, as is often the case, on human fallibility. In a first email addressed to an establishment listed on Booking, the hackers pretended to be customers who had forgotten an identity document at the hotel in question. This first message is intended to inspire confidence only and does not contain any malware. Once an employee responds, the criminals then send a Google Drive link that supposedly provides access to a photo of the ID document to make it easier to search.
It is this small link that will download a ZIP archive containing the computer worm responsible for stealing the establishment’s connection credentials. Once the archive has been downloaded and decompressed (using a password to inspire confidence that “customers” are protecting access to their personal data) the software can do its thing. The hackers then contact end customers claiming a payment problem and siphon off the victims’ bank accounts.
A large-scale campaign
Vidar, the software used to steal credentials, is already known to cybersecurity specialists. According to SecureWorks, hacks of hoteliers using the Booking system have been proliferating since, at least, the beginning of October and Booking establishment identifiers are being sold like hot cakes on specialized forums with prices varying between 30 and 5,000 dollars, or , outright, by taking a fixed share of the money stolen from customers.
Properties listed on Booking are encouraged to use two-factor authentication to avoid such mishaps. And if you are a Booking customer, be wary of possible messages from your hotel and confirm the existence of possible problems by telephone.
Source : SecureWorks
0