Skip to content

Search

Latest Stories

Microsoft warns hotels of phishing campaign

The hackers pose as Booking.com to deploy malware for fraud and theft

Microsoft warns of phishing scam impersonating Booking.com to target hotels with credential-stealing malware.

Microsoft recently warned of an ongoing phishing campaign by threat actor Storm-1865, which targets hospitality organizations across North America, Europe, Oceania, and South and Southeast Asia by impersonating Booking.com and using the ClickFix technique to deliver credential-stealing malware.

Photo credit: iStock

Microsoft Warns Hotels: Protect Against Booking.com Phishing Scam

MICROSOFT RECENTLY WARNED of a phishing campaign targeting the hospitality sector, where attackers impersonate Booking.com and use the ClickFix social engineering technique to deliver credential-stealing malware. The tech giant tracks the threat actor, Storm-1865, which has targeted hospitality organizations across North America, Europe, Oceania, and South and Southeast Asia in an ongoing campaign.

The hackers deploy info-stealing malware for financial fraud and theft through fake emails impersonating the agency, Microsoft said in a blog post.


“Starting in December, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry,” Microsoft said. “The campaign uses ClickFix to deliver multiple credential-stealing malware strains to facilitate financial fraud and theft. As of February, the campaign is ongoing.”

Microsoft said the attack specifically targets individuals in hospitality organizations in North America, Oceania, South and Southeast Asia, and Europe who are likely to work with Booking.com.

“The phishing emails claim to be from Booking.com and reference negative reviews, account verification, promotions, or guest requests,” the blog post stated. “They include links or PDFs leading to fake Booking.com sites that use ClickFix to trick users into downloading malware. ClickFix displays an error or verification prompt, instructing users to copy an unseen string, paste it into a Windows terminal, and execute it.”

“Unfortunately, phishing attacks by criminal organizations pose a significant threat to many industries,” Booking.com said, according to SecurityWeek. “While Booking.com’s systems have not been breached, we are aware that some accommodation partners and customers have been impacted by phishing attacks from professional criminals attempting to take over their local computer systems with malware.”

Microsoft noted that Storm-1865 has been active since 2023, targeting hotel guests and e-commerce users with phishing campaigns.

“The number of accommodations affected by this scam is a small fraction of those on our platform, and we continue to make significant investments to limit the impact on our customers and partners,” Booking.com said.

In Storm-1865 attacks observed by Microsoft, victims are prompted to check a box to prove they are human and then press Windows + R, Ctrl + V, and Enter. “Checking the box copies a command to the clipboard, and the key presses open the Windows Run window, paste the command, and execute it,” Microsoft Threat Intelligence found. “The command downloads and runs malware such as XWorm, Lumma, VenomRAT, AsyncRAT, Danabot or NetSupport RA.”

“All these payloads include capabilities to steal financial data and credentials for fraudulent use, which is a hallmark of Storm-1865 activity,” Microsoft said. “The addition of ClickFix to this threat actor’s tactics, techniques, and procedures shows how Storm-1865 is evolving its attack chains to bypass conventional security measures.”

Meanwhile, Booking.com said it is committed to helping partners and customers stay protected.

“We provide ongoing cybersecurity education and resources to our partners to enhance their defenses against such threats,” Booking.com told SecurityWeek.

In 2022, InterContinental Hotels Group franchisees sued the company over a cyberattack that disrupted booking channels, alleging IHG ignored prior breach warnings. The attack affected reservations, customer care centers, and internal systems, including Merlin and the Help Desk.

More for you

Duetto Launches “GameTime” RMS for Select‑Service Hotels

Duetto launches RMS for select-service

Summary:

  • Duetto launched GameTime, a revenue system for select- and limited-service hotel brands.
  • GameTime provides rate optimization, pricing, forecasting, and performance tracking.
  • Alex Zoghlin was named CEO, succeeding David Woolenberg.

DUETTO, A REVENUE management software provider, launched GameTime, a revenue management system for select- and limited-service hotel brands. The company also recently named Alex Zoghlin as chief executive officer, replacing David Woolenberg.

Keep ReadingShow less
integrated POS systems hotels

Report: Hospitality tech focuses on security, growth

Summary

  • Hospitality leaders prioritize security, integration, growth, and payments, according to FreedomPay and Toast.
  • Secure payment processing remains essential amid market shifts.
  • 97 percent are confident in meeting future cybersecurity goals; stronger threat protection is also needed.

TOP BUSINESS PRIORITIES for hospitality leaders are data security, system integration and growth enablement, according to a joint study by FreedomPay and Toast, two point-of-sale technology platforms. There is a need for secure payment processing, reflecting changes in the enterprise hospitality market and the increasing focus on customer-centric transactions.

Keep ReadingShow less
Red Roof partners with FreedomPay to streamline payments in 700+ U.S. hotels
Photo credit: Red Roof

Red Roof taps FreedomPay for 700+ hotels

Summary:

  • Red Roof is contracting with FreedomPay to provide payments across its 700+ U.S. hotels.
  • The company will gain an integrated solution, improved service, cost savings and efficiency.
  • The company is investing in people and technology to advance the brand, president Zack Gharib told Asian Hospitality.

RED ROOF IS contracting with FreedomPay to provide payments across its portfolio of more than 700 hotels in the U.S. The company will receive an integrated payment solution, upgraded service, cost savings and operational efficiency, according to a statement.

Keep ReadingShow less
Wyndham hotel using mobile cloud-based payment system with guest check-in
Photo credit: Wyndham Hotels & Resorts

Wyndham deploys Elavon CPI to franchisees

Wyndham Upgrades 6,000+ Hotels with Cloud Payment Interface

WYNDHAM HOTELS & RESORTS deployed payment processor Elavon’s cloud payments interface to more than 6,000 franchisees in the U.S. and Canada. Hotels under Wyndham’s 25 brands can use CPI without on-site hardware for their property management systems.

The cloud-based solution is designed to reduce operational overhead, limit hardware-related security issues and support mobile check-in, Elavon said in a statement.

Keep ReadingShow less