Scamsters have been found using a range of techniques, including phishing, infostealers, and social engineering, to cheat several customers of Booking.com, according to an investigation carried out by cybersecurity firm SecureWorks.
Booking.com customers from the UK, Indonesia, Singapore, Greece, Italy, Portugal, the US, and the Netherlands have been impacted, according to a BBC report. The extent of the damage is as yet unclear. Amsterdam-based Booking.com is one of the largest global companies offering a range of travel solutions.
Understanding the modus operandi
The cyberattackers deployed the Vidar infostealer to gain access to a hotel’s Booking.com management portal, the investigation by SecureWorks revealed. Hackers tricked the hotel staff into downloading Vidar by sending an email pretending to be from a former guest who had left a passport in their room. Typically, the email included a Google Drive link, allegedly containing images of the passport.
However, the link downloads the malware, which steals the information needed to access Booking.com. Once the hackers log on to the Booking.com website, they are able to access information about customers who have hotel or holiday reservations. The hackers use this information to message the customers directly and trick them into paying the hackers instead of the hotel.
“This activity originally appeared to suggest that Booking.com’s systems were compromised. However, the observations by SecureWorks incident responders indicate that threat actors likely stole credentials to the admin.booking.com property management portal directly from the properties and used the access to target the properties’ customers,” the SecureWorks blog said.
A bigger campaign?
The hackers are “making so much money in their attacks that they are now offering to pay thousands to criminals who share access to hotel portals,” the BBC report said.