Hackers are intensifying their attacks on Booking.com customers, using dark web forums to solicit assistance in identifying potential victims.
These cyber-criminals are willing to pay up to $2,000 (£1,600) for access to hotel login credentials, primarily targeting guests staying at these establishments.
Since at least March, customers have fallen victim to these cybercriminals, who employ increasingly cunning tactics.
While Booking.com is one of the largest travel websites globally, reports of fraudulent activities have surfaced from customers in various countries, including the UK, Indonesia, Singapore, Greece, Italy, Portugal, the US, and the Netherlands.
Cybersecurity experts emphasize that Booking.com’s security hasn’t been breached; criminals have devised methods to infiltrate individual hotel administration portals connected to the platform.
A Booking.com spokesperson acknowledged that the company is aware of the situation, with some of its accommodation partners being targeted by hackers utilizing various well-known cyber-fraud techniques.
Researchers at cybersecurity firm Secureworks shed light on the hackers’ modus operandi. They initiate their attacks by tricking hotel staff into downloading malicious Vidar Infostealer software.
This deception involves emailing the hotel as a former guest who left their passport in their room. Subsequently, the criminals sent a Google Drive link to the staff, claiming it contained a passport image. However, the link instead deploys malware onto the staff’s computers, automatically scouring hotel systems for Booking.com access.
Once access is obtained, hackers infiltrate the Booking.com portal, enabling them to view all customers with current room or holiday reservations.
They then communicate with these customers through the official app, successfully convincing them to pay the hackers rather than the hotel.
The attackers have been so successful that they are now willing to pay substantial sums to other criminals who can provide access to hotel portals.
Rafe Pilling, director of threat intelligence for SecureWorks Counter Threat Unit, notes, “The scam is working, and it’s paying serious dividends.” He adds that the demand for login credentials is high due to a remarkable success rate, with emails targeting genuine customers and appearing trustworthy.
Lucy Buckley fell victim to this scheme in September when hackers, using broken English, coerced her into sending them £200. They posed as staff at the Paris hotel where she had booked a room, threatening her reservation’s cancellation unless she made the payment.
Upon discovering the fraud, she acted swiftly. She managed to secure a refund from her bank, which traced the money to an account in Moldova.
Booking.com issued a statement, clarifying that while the breach did not occur on their platform, they recognize the severity of the situation for those affected. The company is actively supporting its partners in fortifying their systems and assisting potentially impacted customers in recovering lost funds.
Cybersecurity expert and podcaster Graham Cluley, who nearly fell victim to the hackers himself, recommends that Booking.com hotels implement multi-factor authentication to deter illegal logins.
Cluley asserts that Booking.com could do more to protect its customers, such as preventing links in chats leading to websites less than a few days old, thereby thwarting the use of freshly created fake sites in scams.
For more tech news and insights, visit Rwanda Tech News, and explore similar topics and trends in the world of technology.
