<![CDATA[⚠️ 🎣 We’re seeing an ongoing phishing campaign targeting hotels and hosts, impersonating messages from 'Booking.com' - see sample image below.]]>⚠🎣 We’re seeing an ongoing phishing campaign targeting hotels and hosts, impersonating messages from 'Booking.com' - see sample image below.

Here’s what we know so far:

➡️ Emails appear to target actual 'Booking.com' host email addresses, which may indicate that recipient data was obtained from a previous breach - the timing is particularly relevant given the 'Booking.com' data breach last month (see article - https://www.bbc.co.uk/news/articles/cly00jnnxypo).

➡️ While the emails appear to come from 'Booking.com', they are actually sent via compromised accounts.

➡️ Messages typically reference a “complaint” or “special request” requiring urgent action.

➡️ Links often use URL shorteners or services like 'share.google' to hide phishing pages

➡️ Goal is to steal login credentials or payment details through fake portals

These phishing emails are very convincing, so extra caution is prudent - here are some steps you can take to reduce risk:

✅ Be cautious of urgency or pressure in booking-related emails
✅ Avoid clicking shortened or unfamiliar links
✅ Verify requests by logging into the platform directly
✅ Report suspicious emails internally or to the platform provider

Link Preview Image
]]>https://board.circlewithadot.net/topic/5bb82879-dfe9-4fb0-ba05-4410da906fe5/we-re-seeing-an-ongoing-phishing-campaign-targeting-hotels-and-hosts-impersonating-messages-from-booking.com-see-sample-image-below.RSS for NodeFri, 15 May 2026 05:57:45 GMTThu, 07 May 2026 10:33:00 GMT60