Booking.com Users Falling Victim to Dark Web Scam
Booking.com users are being targeted by hackers who are selling stolen account details on the dark web, according to cybersecurity company Secureworks. The cybercriminals are selling Booking.com credentials on dark web forums for as much as $2,000 after exploiting hotel guests.
The cyber security experts reveal that the criminals are infiltrating individual hotel administration portals linked with the service, despite Booking.com itself not being directly compromised.
In a recent report from Secureworks, an October 2023 attack was studied, uncovering the use of the Vidar infostealer to steal a hotel’s Booking.com credentials. This allowed the threat actor access to the Booking.com management portal, where they could view upcoming bookings and communicate directly with guests.
The attack involved a deceptive email sent to the hotel’s operations staff, posing as a former guest who had lost an identification document. This was followed by another email providing a Google Drive link to alleged photos of the lost document and check-in details. The link actually led to a ZIP archive containing the Vidar infostealer.
The stolen credentials enabled the threat actor to access the hotel’s Booking.com account without multi-factor authentication and initiate fraudulent activities.
Although Booking.com’s official messaging mechanism was initially implicated, it was later found that the threat actors stole the credentials directly from the properties’ property management portal.
The use of Vidar in a targeted campaign is unusual, as it is typically deployed indiscriminately to harvest credentials from web browsers. However, the flexibility of Vidar as a malware-as-a-service operation allows any threat actor to rent it for their purposes.
Organizations in the hospitality sector should raise awareness of this campaign among employees and remain vigilant against social engineering attacks. Enforcing multi-factor authentication on Booking.com accounts is suggested to prevent unauthorized access to property management portals. Additionally, individual customers are advised to exercise caution regarding emails or app messages requesting payment details, as they may be part of fraudulent schemes.