Microsoft Threat Intelligence has identified an ongoing phishing campaign impersonating Booking.com to deliver credential-stealing malware.
The campaign, which began in December 2024, targets hospitality organizations in North America, Oceania, Asia, and Europe.
This sophisticated attack specifically targets individuals in these organizations who are most likely to work with the popular travel platform.
The attackers send fake emails purporting to be from Booking.com, with content ranging from negative guest reviews to account verification requests.
These messages contain malicious links or PDF attachments leading to fraudulent websites that mimic Booking.com’s legitimate pages, creating a convincing illusion to trick unsuspecting victims.
Security analysts at Microsoft noted that this campaign employs a technique called “ClickFix,” which displays fake error messages instructing users to execute commands that download malware.
This…