Cybercriminals intensify attacks on Booking.com users, seeking victims through dark web forums and offering up to $2,000 for hotel login details. Since at least March, customers have fallen prey to deceptive tactics, leading them to send money to hackers. While Booking.com itself remains uncompromised, the hackers employ sophisticated methods to breach individual hotel administration portals within the Booking.com service.
Customers from various countries, including the UK, Indonesia, Singapore, Greece, Italy, Portugal, the US, and the Netherlands, have reported fraud incidents related to Booking.com. The company acknowledges the ongoing cyber threats faced by its accommodation partners and attributes them to cyber-fraud tactics.
Research by cybersecurity firm Secureworks reveals the hackers’ modus operandi. They initiate attacks by tricking hotel staff into downloading malicious software, Vidar Infostealer, through a disguised email claiming to be from a former guest. The malware then infiltrates hotel computers and searches for Booking.com access.
Once logged into the Booking.com portal, hackers identify customers with room or holiday reservations, contacting them via the official app to manipulate payments. The success of this scam prompts hackers to offer substantial sums to those who share access to hotel portals.
Rafe Pilling, director of threat intelligence for Secureworks Counter Threat Unit, notes the scam’s profitability and high success rate, emphasising the effectiveness of social engineering in targeting genuine customers. Victims recount instances of hackers using broken English to extract money by posing as hotel staff through the Booking.com app.
Booking.com emphasises its commitment to supporting partners in securing systems and aiding affected customers in recovering lost funds. Cybersecurity expert Graham Cluley urges Booking.com hotels to implement multi-factor authentication to enhance security and prevent illegal logins. While Booking.com displays warning messages, Cluley suggests additional measures, such as restricting chat links that point to recently established websites, to thwart scams.