Phishing Scams Put Hotel Guest Data At Risk

Uploaded on 2025-04-14 in NEWS-Cybersecurity News, FREE TO VIEW

A new  phishing campaign is using the Booking.com to  attack hotels online, using fake Captcha websites and hotel and hostel workers are being tricked into downloading credential-stealing malware by cyber criminals impersonating Booking.com. 

First identified by leading cyber security firm Malwarebytes, the attack begins with cyber criminals sending a fake Booking.com email, designed to look like a routine reservation confirmation, to the staff at the hotel’s email address, asking them to confirm a reservation.

Clicking the link leads to a near-identical replica of the Booking.com login page. At this point, a CAPTCHA screen pops up, asking the user to “prove you’re human,” and although this might seem like a normal security feature, it is part of the criminal’s scam technique.

Unfortunately, the CAPTCHA page doesn’t verify the user’s identity; instead, it copies a malicious command to the victim’s clipboard. Hotel staff are then told to paste and engage with this command in their Windows system and this will install a Trojan giving criminal hackers access to the hotel’s network. Once inside, attackers can steal guest information, including booking details, personal data, and payment information

In some cases, the attacker will deploy ransomware, locking down the booking system until a ransom is paid. Hackers can also sell this stolen data on the Dark Web, potentially affecting thousands of guests.

The best hotel security for these attacks should include checking the sender’s domain, avoiding suspicious links, logging into Booking.com manually, rather than through a link in an email, and never executing copied commands unless certain of their legitimacy. 

To protect against these threats, Booking.com advises hotels to ensure staff are trained to spot phishing attempts. 

Threatdown   |   Microsoft  |   Windows Forum   |  I-HLS   |   Camino de Santaigo   |  The Record  

Image: Ideogram 

You Might Also Read: 

Cyber Criminals Can Clone Branded Websites:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible






 

« ChatGPT's Image Generation Could Be Driving Retail Fraud 
Securing The Cloud: The Role Of DevOps Programmers & Azure Engineers In Modern Cybersecurity »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Sage Designs

Sage Designs

Sage Designs is a provider of SCADA, Security & Industrial Automation products and training programs.

Ceerus

Ceerus

Ceerus was created to simplify the process of deploying and managing security across all the channels in an organisation.

SynerComm

SynerComm

SynerComm is an IT solution provider specializing in network and security infrastructure, enterprise mobility, remote access, wireless solutions, audit, pentesting and information assurance.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

Idaptive

Idaptive

Idaptive delivers Next-Gen Access through a zero trust approach. Idaptive secures access everywhere with single sign-on, adaptive MFA, EMM and analytics.

Dataprovider.com

Dataprovider.com

Our Brand Protection Suite gives you the tools to discover trademark infringement on the Internet, such as websites selling counterfeit products, even when this is not immediately noticeable.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

Wavex Technology

Wavex Technology

Wavex Technology is an award winning IT Services firm offering clients a secure and fully managed IT service.

Talion

Talion

Talion aim to reduce the complexity involved in securing your organisation and to give security teams unrivalled visibility into their security operations, so they can make optimal decisions, fast.

du

du

du is a telecommunications service provider providing UAE businesses with a vast range of ICT and managed services.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

Althammer & Kill

Althammer & Kill

Althammer & Kill offers pragmatic solution concepts for data protection and digitization. We advise in the field of data protection, information security and compliance.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

NANO Corp

NANO Corp

At NANO Corp, we keep your network visible, understandable, operational and secure with state-of-the-art technology.

CyberMontana

CyberMontana

CyberMontana is a statewide initiative providing cybersecurity awareness, training, and workforce development for businesses and residents of Montana.

L&T Technology Services (LTTS)

L&T Technology Services (LTTS)

L&T Technology Services Limited (LTTS) is a global leader in Engineering and R&D (ER&D) services.