Microsoft has reported an active phishing campaign targeting the hospitality sector, primarily through impersonation of Booking.com. This operation, named Storm-1865, began in December 2024 and utilizes a technique called ClickFix, tricking users into downloading malware. The campaign targets various regions across the globe and relies on deceptive emails prompting users to respond to supposed negative customer reviews. Recipients are misled into clicking links to counterfeit pages that mimic Booking.com, which are designed to appear legitimate, thus increasing the probability of infecting victims with malware.
This phishing attack specifically targets individuals in hospitality organizations in North America, Oceania, South and Southeast Asia, and Northern, Southern, Eastern, and Western Europe.
The counterfeit page displays a fake CAPTCHA, and this is the step at which the page employs the ClickFix social engineering technique to download the malicious payload.