Phishing messages targeting travelers and hotel staff may not require direct compromise of a hotel’s internal systems. Attackers can use information obtained from other data breaches or unrelated systems. The common element is the use of genuine reservation context to push victims into fraudulent verification or payment steps. Investigations have not fully identified the attackers, and some messages appear to be sent using phishing kits that automate collection of information. Similar kits or technical infrastructure have been observed across cases. Some organizations are strengthening defenses, while others report no breach and describe credential-phishing campaigns aimed at staff and then customers. The effectiveness comes from attackers knowing the guest identity, arrival timing, and payment details.
"“We would not say that every single phishing message we observed was definitively caused by a direct compromise of the hotel's own internal systems,” the researcher says. Phishing messages could have been sent using information from other data breaches or systems not linked to the travel industry. “The common factor is that criminals are weaponizing real reservation context and pushing travelers into a fake verification or payment flow,” Corrons says."
"Corrons says Norton has been unable to fully unpick who may be behind the attacks but says investigations are ongoing. Those sending some of the phishing messages appear to be using phishing kits designed to speed up and automate the process of sending and collecting information, he says, and in several cases the same phishing kit or technical infrastructure has been used. The company is not publishing the full list of potentially compromised hotels and holiday accommodations, Corrons says; however, he says the company has been in touch with Europol about its findings."
"“We continue to strengthen our defences to reduce risk and limit opportunities for bad actors to target our accommodation partners and our customers, and we are seeing results,” a Booking.com spokesperson says. Cloudbeds says the company has not been breached and the attacks described by the Norton researchers are credential-phishing campaigns targeting hotel staff and then customers. “The reason these scams are so effective is that the attacker isn't guessing: They know exactly who the guest is, when they're arriving, and what they paid,” Aaron Ownbey, vice president of engineering at Cloudbeds, says."
Read at WIRED
Unable to calculate read time
Collection
[
|
...
]