Phishing Scams Put Hotel Guest Data At Risk

Uploaded on 2025-04-14 in NEWS-Cybersecurity News, FREE TO VIEW

A new  phishing campaign is using the Booking.com to  attack hotels online, using fake Captcha websites and hotel and hostel workers are being tricked into downloading credential-stealing malware by cyber criminals impersonating Booking.com. 

First identified by leading cyber security firm Malwarebytes, the attack begins with cyber criminals sending a fake Booking.com email, designed to look like a routine reservation confirmation, to the staff at the hotel’s email address, asking them to confirm a reservation.

Clicking the link leads to a near-identical replica of the Booking.com login page. At this point, a CAPTCHA screen pops up, asking the user to “prove you’re human,” and although this might seem like a normal security feature, it is part of the criminal’s scam technique.

Unfortunately, the CAPTCHA page doesn’t verify the user’s identity; instead, it copies a malicious command to the victim’s clipboard. Hotel staff are then told to paste and engage with this command in their Windows system and this will install a Trojan giving criminal hackers access to the hotel’s network. Once inside, attackers can steal guest information, including booking details, personal data, and payment information

In some cases, the attacker will deploy ransomware, locking down the booking system until a ransom is paid. Hackers can also sell this stolen data on the Dark Web, potentially affecting thousands of guests.

The best hotel security for these attacks should include checking the sender’s domain, avoiding suspicious links, logging into Booking.com manually, rather than through a link in an email, and never executing copied commands unless certain of their legitimacy. 

To protect against these threats, Booking.com advises hotels to ensure staff are trained to spot phishing attempts. 

Threatdown   |   Microsoft  |   Windows Forum   |  I-HLS   |   Camino de Santaigo   |  The Record  

Image: Ideogram 

You Might Also Read: 

Cyber Criminals Can Clone Branded Websites:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible






 

« ChatGPT's Image Generation Could Be Driving Retail Fraud 
Securing The Cloud: The Role Of DevOps Programmers & Azure Engineers In Modern Cybersecurity »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Panzura

Panzura

Panzura optimizes enterprise data storage management and distribution in the cloud, making cloud storage simple and secure.

STMicroelectronics

STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life.

French Expert Center Against Cybercrime (CECyF)

French Expert Center Against Cybercrime (CECyF)

CECyF is a centre of excellence for countering cybercrime in France.

Silicom Denmark

Silicom Denmark

Silicom Denmark is a premier developer and supplier of FPGA-based interface cards for cyber-security, telecommss, financial trading and other sectors.

International Computer Science Institute (ICSI)

International Computer Science Institute (ICSI)

ICSI is a leading independent, nonprofit center for research in computer science. Research areas include network security and privacy.

Global Forum on Cyber Expertise (GFCE)

Global Forum on Cyber Expertise (GFCE)

GFCE is a global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building.

BlueVoyant

BlueVoyant

BlueVoyant's Cyber Defense Platform is security operations platform that provides real-time threat monitoring for networks, endpoints, and supply chains.

Zuratrust

Zuratrust

Zuratrust provide protection for all kinds of email related cyber attacks.

OffSec

OffSec

OffSec have defined the standard of excellence in penetration testing training. Elite security instructors teach our intense training scenarios and exceptional course material.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

Adit Ventures

Adit Ventures

Adit Ventures is a venture capital firm with a focus on dynamic growth sectors including AI & Machine Learning, Big Data, Cybersecurity and IoT.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

ANSSI Burkina Faso

ANSSI Burkina Faso

ANSSI is responsible for managing the security of information systems and cyberspace in Burkina Faso.

Valmet

Valmet

Valmet is a leading global developer and supplier of process technologies, automation and services for the pulp, paper and energy industries.