⚠️ 🎣 We’re seeing an ongoing phishing campaign targeting hotels and hosts, impersonating messages from 'Booking.com' - see sample image below.

spamhaus@infosec.exchange

️ We’re seeing an ongoing phishing campaign targeting hotels and hosts, impersonating messages from 'Booking.com' - see sample image below.

Here’s what we know so far:

️ Emails appear to target actual 'Booking.com' host email addresses, which may indicate that recipient data was obtained from a previous breach - the timing is particularly relevant given the 'Booking.com' data breach last month (see article - https://www.bbc.co.uk/news/articles/cly00jnnxypo).

️ While the emails appear to come from 'Booking.com', they are actually sent via compromised accounts.

️ Messages typically reference a “complaint” or “special request” requiring urgent action.

️ Links often use URL shorteners or services like 'share.google' to hide phishing pages

️ Goal is to steal login credentials or payment details through fake portals

These phishing emails are very convincing, so extra caution is prudent - here are some steps you can take to reduce risk:

Be cautious of urgency or pressure in booking-related emails
Avoid clicking shortened or unfamiliar links
Verify requests by logging into the platform directly
Report suspicious emails internally or to the platform provider

#CyberSecurity #Phishing #ThreatIntel #InfoSec #BookingCom