The hackers pose as Booking.com to deploy malware for fraud and theft
Microsoft recently warned of an ongoing phishing campaign by threat actor Storm-1865, which targets hospitality organizations across North America, Europe, Oceania, and South and Southeast Asia by impersonating Booking.com and using the ClickFix technique to deliver credential-stealing malware.
Vishnu Rageev R is a journalist with more than 15 years of experience in business journalism. Before joining Asian Media Group in 2022, he worked with BW Businessworld, IMAGES Group, exchange4media Group, DC Books, and Dhanam Publications in India. His coverage includes industry analysis, market trends and corporate developments, focusing on retail, real estate and hospitality. As a senior journalist with Asian Hospitality, he covers the U.S. hospitality industry. He is from Kerala, a state in South India.
Microsoft Warns Hotels: Protect Against Booking.com Phishing Scam
MICROSOFT RECENTLY WARNED of a phishing campaign targeting the hospitality sector, where attackers impersonate Booking.com and use the ClickFix social engineering technique to deliver credential-stealing malware. The tech giant tracks the threat actor, Storm-1865, which has targeted hospitality organizations across North America, Europe, Oceania, and South and Southeast Asia in an ongoing campaign.
The hackers deploy info-stealing malware for financial fraud and theft through fake emails impersonating the agency, Microsoft said in a blog post.
“Starting in December, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry,” Microsoft said. “The campaign uses ClickFix to deliver multiple credential-stealing malware strains to facilitate financial fraud and theft. As of February, the campaign is ongoing.”
Microsoft said the attack specifically targets individuals in hospitality organizations in North America, Oceania, South and Southeast Asia, and Europe who are likely to work with Booking.com.
“The phishing emails claim to be from Booking.com and reference negative reviews, account verification, promotions, or guest requests,” the blog post stated. “They include links or PDFs leading to fake Booking.com sites that use ClickFix to trick users into downloading malware. ClickFix displays an error or verification prompt, instructing users to copy an unseen string, paste it into a Windows terminal, and execute it.”
“Unfortunately, phishing attacks by criminal organizations pose a significant threat to many industries,” Booking.com said, according to SecurityWeek. “While Booking.com’s systems have not been breached, we are aware that some accommodation partners and customers have been impacted by phishing attacks from professional criminals attempting to take over their local computer systems with malware.”
Microsoft noted that Storm-1865 has been active since 2023, targeting hotel guests and e-commerce users with phishing campaigns.
“The number of accommodations affected by this scam is a small fraction of those on our platform, and we continue to make significant investments to limit the impact on our customers and partners,” Booking.com said.
In Storm-1865 attacks observed by Microsoft, victims are prompted to check a box to prove they are human and then press Windows + R, Ctrl + V, and Enter. “Checking the box copies a command to the clipboard, and the key presses open the Windows Run window, paste the command, and execute it,” Microsoft Threat Intelligence found. “The command downloads and runs malware such as XWorm, Lumma, VenomRAT, AsyncRAT, Danabot or NetSupport RA.”
“All these payloads include capabilities to steal financial data and credentials for fraudulent use, which is a hallmark of Storm-1865 activity,” Microsoft said. “The addition of ClickFix to this threat actor’s tactics, techniques, and procedures shows how Storm-1865 is evolving its attack chains to bypass conventional security measures.”
Meanwhile, Booking.com said it is committed to helping partners and customers stay protected.
“We provide ongoing cybersecurity education and resources to our partners to enhance their defenses against such threats,” Booking.com told SecurityWeek.
In 2022, InterContinental Hotels Group franchisees sued the company over a cyberattack that disrupted booking channels, alleging IHG ignored prior breach warnings. The attack affected reservations, customer care centers, and internal systems, including Merlin and the Help Desk.
Sonesta named Stayntouch its preferred PMS after a two-year review.
It operates more than 1,100 properties with more than 100,000 rooms across 13 brands.
The system will support franchise growth, operations and guest experience.
SONESTA INTERNATIONAL HOTELS Corp. named Stayntouch its preferred property management system provider after a two-year review for its ability to support the company’s growing franchise model. It operates more than 1,100 properties with more than 100,000 rooms across 13 brands on three continents.
The system will support franchise growth and operations, while improving the guest experience, Sonesta said in a statement.
“As we continue to grow our franchised portfolio, we needed a PMS that could match our scale while offering the flexibility and speed today’s hotel owners demand,” said Dan Ferrell, Sonesta’s vice president for enterprise applications and acting chief information officer. “Stayntouch delivers a cloud-based platform that’s intuitive for hotel teams, quick to deploy and adaptable across a range of property types and brand standards, making it an ideal fit for our evolving needs.”
Sonesta hotels will use the system to replace older PMS platforms, the statement said. It will make it faster to open or transition hotels and work for all property types. The system will connect with other systems and include support to keep operations running and maintain the business relationship across the portfolio.
Jacob Messina, CEO of Stayntouch, said the company is partnering with Sonesta as it expands its franchise portfolio.
“From day one, it was clear we shared a commitment to empowering hotel teams with technology that’s easy to adopt, flexible to scale and ready to integrate with the tools they rely on,” he said. “This partnership is about more than a platform; it’s about building a foundation that supports Sonesta’s long-term vision and operational success.”
By clicking the 'Subscribe’, you agree to receive our newsletter, marketing communications and industry
partners/sponsors sharing promotional product information via email and print communication from Asian Media
Group USA Inc. and subsidiaries. You have the right to withdraw your consent at any time by clicking the
unsubscribe link in our emails. We will use your email address to personalize our communications and send you
relevant offers. Your data will be stored up to 30 days after unsubscribing.
Contact us at data@amg.biz to see how we manage and store your data.
Duetto launched GameTime, a revenue system for select- and limited-service hotel brands.
GameTime provides rate optimization, pricing, forecasting, and performance tracking.
Alex Zoghlin was named CEO, succeeding David Woolenberg.
DUETTO, A REVENUE management software provider, launched GameTime, a revenue management system for select- and limited-service hotel brands. The company also recently named Alex Zoghlin as chief executive officer, replacing David Woolenberg.
GameTime combines rate optimization, enterprise pricing, forecasting, and performance tracking in one platform, Duetto said in a statement.
“We understand that one size doesn’t fit all,” said Sabrina Jackson, Duetto’s vice president for product management. “GameTime is built for brands operating limited- and select-service hotels, enabling teams to make pricing decisions and manage revenue operations efficiently.”
GameTime offers automated and manual pricing, reporting and forecasting, portfolio management, predefined segmentation and mobile access. Selim Hadj, RM solutions and systems director at Louvre Hotels Group, said GameTime meets the needs of limited-service hotels and aligns with the group’s revenue management strategy.
“It is the tool that delivers all the key features we need without overcomplicating the daily work of our on-site teams,” he said. “Whether general or front desk managers, our staff use it with ease and confidence. GameTime has not only streamlined our operations but also had a direct, measurable impact on our performance. Today, it’s an essential solution for any property looking to combine simplicity, efficiency, and profitability.”
Commenting on his appointment, Zoghlin said he is honored to serve as CEO and work with teams globally to deliver revenue management solutions to the hospitality industry.
“The hospitality industry is undergoing rapid transformation, driven by shifting guest expectations, rising costs, and economic volatility,” he said. “Hoteliers need stronger and more effective technology to meet their needs. With a clear product vision, strong customer ties, and a focused brand strategy, I’m confident in our ability to support hoteliers through this shift and drive the company’s next phase of growth.”
In April, Duetto acquired HotStats, a hotel benchmarking company, to expand revenue and performance tracking across rooms, F&B, and ancillary services.
97 percent are confident in meeting future cybersecurity goals; stronger threat protection is also needed.
TOP BUSINESS PRIORITIES for hospitality leaders are data security, system integration and growth enablement, according to a joint study by FreedomPay and Toast, two point-of-sale technology platforms. There is a need for secure payment processing, reflecting changes in the enterprise hospitality market and the increasing focus on customer-centric transactions.
The Enterprise Merchants Needs Assessment Study surveyed 200 hospitality decision-makers in April, including C-level executives, IT leaders and other stakeholders, to understand priorities in selecting payment solutions and POS systems.
“Enterprise hospitality leaders are facing increasing pressure to protect sensitive customer data while also delivering seamless and innovative guest experiences,” said Chris Kronenthal, FreedomPay’s president. “Our Next Level Commerce platform is uniquely positioned to address these challenges by providing a secure, integrated and scalable payment solution that empowers merchants to thrive in today’s competitive market and create exceptional customer experiences.”
The survey found that cybersecurity remains a priority in hospitality, with 97 percent of respondents confident in meeting future security goals. They also noted the need for stronger protection against evolving cyber threats.
Kelly Esten, chief marketing officer at Toast, said that with security and integration as priorities, enterprise brands need solutions that scale with their operations.
“These findings highlight the need to understand the specific requirements of the enterprise hospitality segment and to provide solutions that address them,” he said.
The study found that integration drives value, with all merchants indicating an integrated payment solution is valuable to their organization. Additionally, 52 percent cited increased data security as a top benefit, up from 28 percent in 2024.
The survey showed that growth enablement is a top priority for hospitality decision-makers, with 92 percent saying an integrated solution could scale with their business.
Separately, a recent Mews survey found about 70 percent of American travelers prefer checking in via app or kiosk over the front desk.
Red Roof is contracting with FreedomPay to provide payments across its 700+ U.S. hotels.
The company will gain an integrated solution, improved service, cost savings and efficiency.
The company is investing in people and technology to advance the brand, president Zack Gharib told Asian Hospitality.
RED ROOF IS contracting with FreedomPay to provide payments across its portfolio of more than 700 hotels in the U.S. The company will receive an integrated payment solution, upgraded service, cost savings and operational efficiency, according to a statement.
FreedomPay, a payment platform for businesses, enables payments for hotels, guests and Red Roof franchisees, the company said.
“With FreedomPay’s advanced payment gateway, Red Roof is gaining a strategic edge, driving operational efficiency and ensuring our processing is omnichannel-ready,” said Sharee Brell, Red Roof’s senior vice president of technology. “The partnership positions our brand and franchisees for greater success in the years ahead while providing our guests with an elevated experience.”
Chris Kronenthal, FreedomPay’s president, said the company is trusted by major hospitality brands and is partnering with Red Roof to deliver a unified experience for franchisees and guests.
“Our Next Level Commerce technologies will enable secure omnichannel payments at hundreds of Red Roof locations across the U.S.,” he said.
Red Roof is investing in people and technology to advance the brand, Red Roof President Zack Gharib told Asian Hospitality during an interview at AAHOA’s 2025 Convention and Trade Show.
Wyndham Upgrades 6,000+ Hotels with Cloud Payment Interface
WYNDHAM HOTELS & RESORTS deployed payment processor Elavon’s cloud payments interface to more than 6,000 franchisees in the U.S. and Canada. Hotels under Wyndham’s 25 brands can use CPI without on-site hardware for their property management systems.
The cloud-based solution is designed to reduce operational overhead, limit hardware-related security issues and support mobile check-in, Elavon said in a statement.
“The shift to Elavon’s cloud payments interface helps ensure our franchisees have access to modern, secure, and reliable payment processing solutions,” said Scott Strickland, Wyndham’s chief commercial officer. “This is more than just a technological upgrade; it’s about enabling a seamless guest experience and reducing complexity. With CPI, we can support faster check-ins, touchless payments and a secure, PCI DSS-compliant environment across all our properties.”
Wyndham franchisees can use CPI to access payment services that adjust to changing operational needs, the statement said. Benefits include integration with cloud-based third-party software—such as property management systems, reservation platforms and loyalty programs—as well as encryption and tokenization technologies to protect transactions.
Noble Tackett, Elavon’s head of merchant, institutional client group and global airlines, said CPI enables Wyndham franchisees to maintain a streamlined, secure payment process that can adapt to future growth.
“We’re excited to help Wyndham’s properties stay ahead of the curve by offering flexible solutions, such as mobile check-in, that meet the evolving needs of both franchisees and guests,” he said.
Geoff Ballotti, president and CEO of Wyndham Hotels & Resorts, recently announced new initiatives at the company’s 2025 Global Conference at Caesars Forum in Las Vegas, including technology, marketing, loyalty program updates and expansion in India.