Fake Booking.com emails use a fake CAPTCHA to trick hotel staff into running AsyncRAT, a remote access trojan, on their own systems.
A new phishing campaign is targeting hotel staff with fake Booking.com emails, tricking victims into executing malicious commands on their own systems. The scam appears well planned, using social engineering with the end aim of infecting and compromising hotel networks with AsyncRAT.
It Starts with a Convincing Email
The attack begins with a message that appears to come from Booking.com. The email claims a guest has left behind important personal belongings and urges the hotel manager to click a button labelled “View guest information.”
The email is polite, urgent and made to look legitimate, typical of social engineering attempts that try to get people to click without thinking.
A Fake CAPTCHA Hides the Real Threat
Clicking the link takes the user to a lookalike Booking.com site hosted at:…

































