In a concerning development, hackers are intensifying their attacks on Booking.com customers, employing deceptive tactics and exploiting hotel portals to defraud unsuspecting users. Dark web forums are now rife with cyber-criminals offering substantial rewards, up to $2,000, for login details of hotels, creating a surge in incidents where customers have been tricked into sending money to malicious actors.
Booking.com, one of the largest platforms for holidaymakers globally, has seen customers from various countries, including the UK, Indonesia, Singapore, Greece, Italy, Portugal, the US, and the Netherlands, reporting instances of fraud through the website. While the company asserts that its own systems remain secure, cyber-security experts reveal that criminals have found ways to compromise the administration portals of individual hotels using the service.
Researchers at Secureworks highlight the modus operandi of the hackers, starting with the use of a malicious software called Vidar Infostealer. By tricking hotel staff through a crafted email claiming to be from a former guest who left their passport in the room, criminals initiate a chain of events that culminates in the compromise of Booking.com access. This enables the hackers to contact customers through the official app and convincingly trick them into sending money, redirecting payments away from the legitimate hotel.
The success of this scam is evident, with hackers reportedly making substantial profits, leading them to offer financial incentives to other criminals who share access to hotel portals. Rafe Pilling, Director of Threat Intelligence for Secureworks Counter Threat Unit, notes, “The scam is working, and it’s paying serious dividends.”
Victims of this scheme have shared harrowing experiences, including Lucy Buckley, who fell prey to hackers pretending to be Paris hotel staff through the Booking.com app, resulting in a loss of £200. While some customers managed to secure refunds from their banks, the sophisticated nature of the attack has raised concerns among cyber-security experts.
Booking.com emphasizes its commitment to addressing the issue, stating, “While this breach was not on Booking.com, we understand the seriousness for those impacted.” The company is actively supporting its partners in securing their systems and assisting affected customers in recovering lost funds.
However, experts like Graham Cluley advocate for additional measures, suggesting the implementation of multi-factor authentication and more stringent controls on communication channels to thwart illegal logins and prevent customers from falling victim to fraudulent schemes.
