A sophisticated phishing campaign has emerged targeting the hospitality industry, where cybercriminals impersonate Booking.com to trick hotel staff into installing malware on their systems.
The attack leverages social engineering techniques and exploits the time-sensitive nature of hotel bookings to create a sense of urgency, compelling victims to take immediate action without proper security verification.
The malicious actors send fake Booking.com emails to hotel staff containing what appears to be legitimate reservation details.
.webp)
These emails include check-in dates strategically set only a few days from the email’s arrival date, room specifications, and guest information to enhance credibility.
The deceptive messages instruct recipients to copy and paste a URL into their browser to confirm the booking.
Malwarebytes researchers noted that when hotel employees follow the instructions, they…
