If you work in hospitality and find an email in your inbox from Booking.com claiming to be an angry guest, then watch out — it may well be part of a phishing scam. Microsoft has warned that a phishing campaign has been underway sending fake emails from Booking.com which lead users to download malicious software.

In a blog post about the issue, Microsoft Threat Intelligence writes that this is an ongoing campaign which has been around since December last year, and uses a social engineering technique called ClickFix. The victim receives an email which appears to come from Booking.com and which can vary widely in its content — from guest complaints to requests for information from potential guests to account verification — and which includes a link (or attaches a PDF with a link) that claims to take the user to Booking.com to deal with the issue.

When users click on the link, they see a screen which appears to be a CAPTCHA overlay over a Booking.com page, but the CAPTCHA actually instructs the user to open Windows Run and copy and paste a command which downloads malware onto their system.

Once installed, the malware can steal financial data and credentials, a technique which Microsoft identifies as in line with a previous phishing campaign by a group it calls Storm-1865.

Phishing scams are unfortunately not unusual today; however, this is a fairly sophisticated version which takes advantage of hospitality workers’ worries about guest satisfaction. To protect yourself from this and other phishing attempts, Microsoft advises users to check the sender’s address on an email, to be wary of messages about urgent threats, and to hover over links to see the full URL before clicking on them. When in doubt, go directly to the service provider — in this case, by going straight to Booking.com — rather than clicking on a link.
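The two checks Microsoft recommends above, the sender's address and the real destination behind a link, can be applied mechanically to an email before anyone clicks. The script below is an added example written for this article; it is not code from Microsoft or from Booking.com. It assumes the message is available as HTML, that `booking.com` (and its subdomains) is the only trusted domain, and it uses a constructed sample message with placeholder `.example` domains standing in for attacker infrastructure.

```python
"""Flag the phishing cues the article lists: an untrusted sender domain,
links that leave the trusted domain, and link text that names the brand
while the href goes elsewhere (what "hover to see the full URL" reveals).

Added example, not from the original article or Microsoft's post.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse
from email.utils import parseaddr

# Assumption: the only legitimate service for this lure is Booking.com.
TRUSTED_DOMAINS = {"booking.com"}


def registrable_host(url_or_host: str) -> str:
    """Return the lowercase host part of a URL; scheme-less input is accepted."""
    parsed = urlparse(url_or_host if "//" in url_or_host else "//" + url_or_host)
    return (parsed.hostname or "").lower()


def host_is_trusted(host: str) -> bool:
    # Accept the domain itself and its subdomains only. Look-alikes such as
    # booking.com.example.net or booking-com.example are rejected because the
    # trusted name is not the suffix.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_message(from_header: str, html_body: str) -> list:
    """Return human-readable findings; an empty list means no cue fired."""
    findings = []
    _, addr = parseaddr(from_header)
    sender_host = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if not host_is_trusted(sender_host):
        findings.append(f"sender domain {sender_host!r} is not a trusted domain")

    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target = registrable_host(href)
        if not host_is_trusted(target):
            findings.append(f"link to {target!r} is not a trusted domain")
        # Visible text that looks like a URL naming the trusted brand while
        # the actual href points somewhere else is the classic hover mismatch.
        shown = registrable_host(text) if "." in text else ""
        if shown and host_is_trusted(shown) and not host_is_trusted(target):
            findings.append(f"link text shows {shown!r} but points to {target!r}")
    return findings


# Constructed sample resembling the guest-complaint lure described above.
# Both attacker domains are placeholders under the reserved .example TLD.
SAMPLE_FROM = "Booking.com Guest Services <noreply@booking-com-support.example>"
SAMPLE_HTML = """
<p>URGENT: a guest has left a complaint about your property.</p>
<p>Review it here: <a href="https://booking.com.review-portal.example/c/1">
https://www.booking.com/complaints</a></p>
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_HTML):
        print("-", finding)
```

On the constructed sample the script reports three findings: the sender domain is not Booking.com, the link target is a look-alike host that merely begins with `booking.com`, and the visible link text names Booking.com while the href does not. A genuine message from `noreply@booking.com` whose links stay under `booking.com` produces no findings.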
