Booking.com Multistep Phishing Campaign
One of the most common ways hackers manipulate online users is through malicious phishing campaigns. The popular travel reservation site Booking.com is the latest company at the center of a targeted cyberattack. Learn more about the dangerous ways hackers infiltrated the site and its impact on countless customers.
How Phishing Attacks Work
Cybercriminals use phishing attacks to steal personal information from vulnerable users. This common type of cyberattack usually involves impersonating a service provider, such as a bank or company. Users often receive messages demanding urgent action and payment information. The credit card thieves behind the attack then use any information provided to steal a user's identity and make unauthorized purchases.
Understanding the Booking.com Phishing Campaign
The hackers behind this large-scale campaign were able to execute their plan in a few steps. Discover exactly how this attack targets users below.
Hackers Gain Unauthorized Access To Hotel Systems
The elaborate campaign begins with cybercriminals infiltrating some hotel systems within Booking.com. Once they can access the hotel's account, they can obtain the booking information of guests who reserve their stay through Booking.com. This first step gives hackers the names, emails, and partial payment information of customers.
Users Receive Phishing Messages
The next step in this phishing campaign is to send messages to the guests whose booking information was compromised, urging them to verify their payment information. The phishing email tells customers that their hotel reservation will no longer be valid if they don't confirm their payment information within the next 24 hours.
The email also includes a link to a domain that mimics Booking.com. Once users land on the page, they find their personal details already filled into the contact forms and are asked to add their credit card information to complete the request.
Hackers Steal Credit Card Information
Any users who go to the fake website and enter their credit card numbers unknowingly give this sensitive information to cybercriminals. Once the hackers have the data, they can use it as they please. Victims often find out about their compromised financial information through unauthorized purchases on a credit card statement.
How To Avoid Phishing Attacks
Hackers hope that users will fall for a phishing attack by believing the information presented to them. However, experts encourage you to follow this advice to avoid a cyberattack:
- Thoroughly examine URLs to see if they're legitimate.
- Use caution if you receive urgent requests.
- Contact service providers directly to confirm if they requested information.
- Look for any unauthorized transactions and monitor your accounts.
These steps can help you safeguard against bad actors looking to steal your personal information.
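The first item in the list above, examining a URL, comes down to checking which host the link actually points to rather than whether the brand name appears somewhere in it. The following is an added example, not code from Booking.com or from the original article; the function names, the https-only rule and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "booking.com"  # the brand domain named in the article

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str) -> str:
    """Return 'trusted' or 'suspicious: <reason>' for a link found in a message."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:  # assumption: only https is accepted
        return "suspicious: not an https link with a host"
    if parts.username is not None:  # https://booking.com@other.example/...
        return "suspicious: text before '@' is not the host"
    try:
        host = host.encode("idna").decode("ascii")  # Unicode host -> xn-- form
    except UnicodeError:
        return "suspicious: host is not a valid domain name"
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "suspicious: internationalised look-alike host"
    if "booking" in host:
        return "suspicious: brand name used inside another domain"
    if edit_distance(".".join(labels[-2:]), TRUSTED) <= 2:
        return "suspicious: near-miss spelling of the brand domain"
    return "suspicious: unrelated domain"

# Constructed sample links for illustration; none are taken from the campaign.
SAMPLES = [
    "https://secure.booking.com/confirm",
    "https://booking.com.confirm-stay.example/pay",
    "https://booking.com@pay.example/verify",
    "https://bookinq.com/pay",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link):55} {link}")
```

A "trusted" result only means the link points at the expected domain; it does not replace contacting the provider directly when a message demands urgent payment details.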