Bleeping Computer reported:
Hotel hackers redirect guests to fake Booking.com to steal cards.
Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers.
By using this indirect approach and a fake Booking.com payment page, cybercriminals have found a combination that ensures a significantly better success rate at collecting credit card information.
After establishing communication with the hotel, the criminals invoke a reason, such as a medical condition or a special request for one of the travelers, to send important documents via a URL.
The URL leads to info-stealing malware that “is designed to operate stealthily” and collects sensitive data like credentials or financial info.
Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers.
By using this indirect approach and a fake Booking.com payment page, cybercriminals have found a combination that ensures a significantly better success rate at collecting credit card information.
After establishing communication with the hotel, the criminals invoke a reason, such as a medical condition or a special request for one of the travelers, to send important documents via a URL.
The URL leads to info-stealing malware that “is designed to operate stealthily” and collects sensitive data like credentials or financial info.
Find the original article and check out the image of the message here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat