Microsoft has issued a warning about a phishing scam targeting hotel and accommodation owners with listings on Booking.com. The attack, detailed in a blog post, involves fraudulent emails designed to trick property owners into handing over login credentials and financial information.
The scam starts with an email that appears to be from Booking.com, alerting hotel owners to a bad review or another urgent issue requiring their attention. The email urges them to take immediate action, such as disputing the review or contacting the guest. Victims are then prompted to verify their login credentials, even completing a CAPTCHA, which adds a layer of false legitimacy. Once they follow the steps, cybercriminals gain access to their accounts, potentially exposing financial data and customer details.
While Booking.com has been targeted in scams before, this latest attack shifts focus from customers to property owners. In Malaysia, users have previously…
