Cyber-criminals Target Booking.com Users in Elaborate Fraud Scheme

Hackers are intensifying their assault on Booking.com customers, enticing potential collaborators on dark web forums and offering up to $2,000 for hotel login details. The attackers are exploiting hotel staff through a sophisticated chain of deceit, tricking them into downloading malicious software and gaining access to Booking.com portals. While Booking.com asserts that its platform has not been breached, individual hotels using the service are falling victim to these cyber-fraud tactics.

Customers from various countries, including the UK, Indonesia, Singapore, Greece, Italy, Portugal, the US, and the Netherlands, have reported falling prey to fraud through the popular holiday booking website. According to cyber-security experts, hackers employ a ruse involving a malicious software called Vidar Infostealer, targeting hotel staff through fake emails.

Rafe Pilling, Director of Threat Intelligence for Secureworks Counter Threat Unit, notes, “The scam is working, and it’s paying serious dividends.” Hackers are so successful that they now offer substantial sums to criminals who share access to hotel portals. Instances of customers being duped into paying fraudsters instead of the hotel are rising, with the criminals making substantial profits from their attacks.

Booking.com app users are being contacted by hackers through the official app, convincing them to send money under false pretenses. The company, while emphasizing it has not been directly breached, acknowledges the seriousness of the situation and pledges support to impacted partners and customers. Cyber-security experts recommend the implementation of multi-factor authentication by Booking.com hotels to thwart illegal logins.

As the attack continues to evolve, security measures and vigilance become paramount for both Booking.com and its users in the face of increasingly sophisticated cyber threats.