A recent spear-phishing campaign targeting a California hotel through stolen booking.com credentials has highlighted the growing threat of cybercriminals exploiting travelers’ plans. The incident, which occurred shortly after a reservation was made through the Booking mobile app, involved scammers sending a fake message claiming to be from booking.com’s anti-fraud system requesting additional information from the customer.
Booking.com, one of the busiest travel services on the Internet with nearly 550 million visits in September, confirmed that one of its partners had experienced a security breach that allowed unauthorized access to customer booking information. The company stated that phishing attacks targeting accommodation partners are not uncommon and stressed that there was no compromise of Booking.com’s internal systems.
In response to the incident, booking.com has implemented a requirement for partners to use two-factor authentication (2FA) to access payment details securely. This additional layer of security aims to prevent cybercriminals from carrying out fraudulent activities outside of the booking platform. However, it remains unclear whether this requirement applies to all partners or only newer ones.
Security researchers from SecureWorks have detailed how scammers have been targeting booking.com hospitality partners with data-stealing malware since at least March 2023. The absence of multi-factor authentication (MFA) on some booking.com accounts has made it easier for cybercriminals to gain unauthorized access and carry out phishing attacks targeting travelers.
The phishing domain guestssecureverification[.]com, used in the fraudulent message sent to the hotel guest, was linked to an email address that had registered over 700 other phishing domains targeting various industries, including hospitality and financial platforms. This indicates a widespread and organized effort by cybercriminals to exploit vulnerabilities in online booking systems.
Cybercrime forums monitored by Intel 471 have revealed a significant demand for compromised booking.com accounts, with offers of up to $5,000 for each hotel account. These stolen credentials are used to set up fraudulent listings and facilitate other criminal activities targeting travelers.
Furthermore, services advertised on platforms like BreachForums provide phishers with tools and resources to enhance their phishing campaigns against booking.com partners. These services include access to millions of hotel email addresses and automated bots to manage large volumes of stolen data effectively.
Some cybercriminals have been found to leverage compromised booking.com accounts to create fake travel agencies offering discounted hotel reservations, while others sell configuration files to streamline automated login attempts against booking.com administrator accounts. These tactics demonstrate the sophistication and adaptability of cybercriminal operations in exploiting weaknesses in online booking systems.
In conclusion, the rise of cybercriminal activities targeting travelers and hospitality platforms underscores the importance of implementing robust security measures, such as two-factor authentication, to protect customer data and prevent fraudulent activities. The collaboration between security firms, industry stakeholders, and law enforcement agencies is essential to mitigate the risks posed by these evolving cyber threats.