Phishing Scams Put Hotel Guest Data At Risk

Uploaded on 2025-04-15 in NEWS-Cybersecurity News, FREE TO VIEW

A new  phishing campaign is using the Booking.com to  attack hotels online, using fake Captcha websites and hotel and hostel workers are being tricked into downloading credential-stealing malware by cyber criminals impersonating Booking.com. 

First identified by leading cyber security firm Malwarebytes, the attack begins with cyber criminals sending a fake Booking.com email, designed to look like a routine reservation confirmation, to the staff at the hotel’s email address, asking them to confirm a reservation.

Clicking the link leads to a near-identical replica of the Booking.com login page. At this point, a CAPTCHA screen pops up, asking the user to “prove you’re human,” and although this might seem like a normal security feature, it is part of the criminal’s scam technique.

Unfortunately, the CAPTCHA page doesn’t verify the user’s identity; instead, it copies a malicious command to the victim’s clipboard. Hotel staff are then told to paste and engage with this command in their Windows system and this will install a Trojan giving criminal hackers access to the hotel’s network. Once inside, attackers can steal guest information, including booking details, personal data, and payment information

In some cases, the attacker will deploy ransomware, locking down the booking system until a ransom is paid. Hackers can also sell this stolen data on the Dark Web, potentially affecting thousands of guests.

The best hotel security for these attacks should include checking the sender’s domain, avoiding suspicious links, logging into Booking.com manually, rather than through a link in an email, and never executing copied commands unless certain of their legitimacy. 

To protect against these threats, Booking.com advises hotels to ensure staff are trained to spot phishing attempts. 

Threatdown   |   Microsoft  |   Windows Forum   |  I-HLS   |   Camino de Santaigo   |  The Record  

Image: Ideogram 

You Might Also Read: 

Cyber Criminals Can Clone Branded Websites:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible






 

« ChatGPT's Image Generation Could Be Driving Retail Fraud 
Securing The Cloud: The Role Of DevOps Programmers & Azure Engineers In Modern Cybersecurity »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Armor

Armor

Armor provide managed cloud security solutions for public, private, hybrid or on-premise cloud environments.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

Ikerlan

Ikerlan

Ikerlan is an R&D technology centre specialising in areas including embedded systems, industrial automation and industrial cybersecurity.

PrivateCore

PrivateCore

We protect data-in-use from hackers trying to steal data such as encryption keys, certificates, intellectual property.

Curricula

Curricula

Curricula's cyber security awareness training delivers short relatable security stories to your employees. We make learning cyber security simple and fun.

FAIR Institute

FAIR Institute

The FAIR Institute is a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk.

Prosperoware

Prosperoware

Prosperoware develop software for cybersecurity, privacy, and regulatory compliance for content systems, and financial matter management.

Datrix

Datrix

Datrix is a leading Smart Infrastructure and Cyber Security solutions provider. We deliver critical networking, communications and cyber security solutions to public and private sector organisations.

TopSOC Information Security

TopSOC Information Security

TopSOC Information Security provide a wide range of security consultation, implementation and training services.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.

SPYROS Information & Technology Consulting

SPYROS Information & Technology Consulting

SPYROS specializes in providing highly qualified professionals in Computer Network Operations, Signals Intelligence, Technical Training and Certifications, Network Administration and Security.

FOSSA

FOSSA

FOSSA is a leading SBOM (software bill of materials) and software supply chain risk management platform.

IT.ie

IT.ie

IT.ie are a comprehensive provider of Managed IT Services, Cloud Solutions, Cyber Security, and proactive IT support services.