Phishing Scams Put Hotel Guest Data At Risk

Uploaded on 2025-04-14 in NEWS-Cybersecurity News, FREE TO VIEW

A new  phishing campaign is using the Booking.com to  attack hotels online, using fake Captcha websites and hotel and hostel workers are being tricked into downloading credential-stealing malware by cyber criminals impersonating Booking.com. 

First identified by leading cyber security firm Malwarebytes, the attack begins with cyber criminals sending a fake Booking.com email, designed to look like a routine reservation confirmation, to the staff at the hotel’s email address, asking them to confirm a reservation.

Clicking the link leads to a near-identical replica of the Booking.com login page. At this point, a CAPTCHA screen pops up, asking the user to “prove you’re human,” and although this might seem like a normal security feature, it is part of the criminal’s scam technique.

Unfortunately, the CAPTCHA page doesn’t verify the user’s identity; instead, it copies a malicious command to the victim’s clipboard. Hotel staff are then told to paste and engage with this command in their Windows system and this will install a Trojan giving criminal hackers access to the hotel’s network. Once inside, attackers can steal guest information, including booking details, personal data, and payment information

In some cases, the attacker will deploy ransomware, locking down the booking system until a ransom is paid. Hackers can also sell this stolen data on the Dark Web, potentially affecting thousands of guests.

The best hotel security for these attacks should include checking the sender’s domain, avoiding suspicious links, logging into Booking.com manually, rather than through a link in an email, and never executing copied commands unless certain of their legitimacy. 

To protect against these threats, Booking.com advises hotels to ensure staff are trained to spot phishing attempts. 

Threatdown   |   Microsoft  |   Windows Forum   |  I-HLS   |   Camino de Santaigo   |  The Record  

Image: Ideogram 

You Might Also Read: 

Cyber Criminals Can Clone Branded Websites:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible






 

« ChatGPT's Image Generation Could Be Driving Retail Fraud 
Securing The Cloud: The Role Of DevOps Programmers & Azure Engineers In Modern Cybersecurity »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Information Security Systems (ISSCOM)

Information Security Systems (ISSCOM)

ISSCOM provide services to help companies implement Information Security Management Systems (ISMS) by providing consultancy and hands-on assistance.

Markel International

Markel International

Markel International is an international insurance company which looks after the commercial insurance needs of businesses. Specialist services include Cyber Risk insurance.

Cambridge Intelligence

Cambridge Intelligence

Cambridge Intelligence are experts in network visualization and finding hidden trends in complex connected data. Applications include cybersecurity.

Roke Manor Research

Roke Manor Research

Roke is a world-class electronics engineering consultancy. Areas of expertise include cyber security, cyber assurance and cryptographic solutions.

Odyssey

Odyssey

Odyssey is an ISO 27001 certified, Cyber -Security, Infrastructure and Risk Management Solutions integrator and a Managed Security Services Provider.

GreyCortex

GreyCortex

GreyCortex uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

Joint Accreditation System of Australia and New Zealand (JASANZ)

Joint Accreditation System of Australia and New Zealand (JASANZ)

JASANZ is the joint national accreditation body for Australia and New Zealand. The directory of members provides details of organisations offering certification services for ISO 27001.

Innovasec

Innovasec

Innovasec provide information security consulting and training services.

Cyber Threat Defense (CT Defense)

Cyber Threat Defense (CT Defense)

CT Defense specialize in penetration testing and security assessments.

Cyber NYC

Cyber NYC

Cyber NYC is a suite of strategic investments to grow New York City’s cybersecurity workforce, help companies drive innovation, and build networks and community spaces.

Curtail

Curtail

Curtail keeps businesses running by using live traffic analysis to identify defects before software goes live, and detect and isolate security threats before they impact systems.

InferSight

InferSight

InferSight can help you design an architecture that takes into account security, performance, availability, functionality, resiliency and future capacity to avoid technological lock in and limitations

Hackurity.io

Hackurity.io

Hackurity.io is a high energy IT security start-up founded in 2021 out of the frustration that IT Security is highly fragmented and reactive.

CV-Library

CV-Library

Start your job search with 216,931 live UK vacancies on award-winning CV-Library. Register your CV and find local jobs near you today!

Nokod Security

Nokod Security

Nokod Security delivers an application security platform for low-code / no-code custom applications and Robotic Process Automation (RPA).

Cyber and Fraud Centre – Scotland

Cyber and Fraud Centre – Scotland

The Cyber and Fraud Centre – Scotland exists to ensure Scottish organisations are as resilient as they can be against cyber and fraud crime.