Booking.com Phishing: Hotels’ Compromised Accounts Threaten Travellers

A new phishing attack campaign is actively targeting travelers, aiming to steal critical travel-related information such as booking confirmations, airline tickets, and hotel reservations. Threat actors behind this campaign are impersonating reputable travel agencies and airlines to deceive their victims.

The attack methodology involves sending deceptive emails that appear legitimate. These emails contain malicious links designed to direct unsuspecting travelers to convincing fake login pages. The primary objective is to harvest sensitive user information, including login credentials, personal data, and payment details.

The stolen information can then be used for various illicit activities, such as identity theft, financial fraud, and gaining unauthorized access to victims’ accounts. Consequences for affected travelers can include financial losses and significant disruptions to their travel plans.

To safeguard against this evolving threat, travelers are advised to exercise caution and adopt several security measures. It is crucial to always verify the sender’s email address, meticulously scrutinize links by hovering over them before clicking, and exclusively use official websites or mobile applications for bookings and managing reservations. Furthermore, enabling two-factor authentication (2FA) on travel accounts, utilizing strong and unique passwords, keeping all software updated, and reporting any suspicious emails are recommended practices to enhance security.

Read the Complete Article.