Phishing Attack on Hotel Guests Steals Financial Data
In the realm of cybersecurity, a cunning and multi-stage information theft operation is unfolding, orchestrated by hackers who have set their sights on an unexpected target: hotel guests and their valuable financial data.
The Ingenious Covert Approach
This covert approach pairs the initial info-stealer compromise with a counterfeit Booking.com payment page, a combination that yields a notably higher success rate in stealing credit card details. Unlike typical info-stealing campaigns that employ advanced social engineering tactics, this one takes an indirect route.
The Deceptive Unfolding of the Scheme
Here's how it unfolds: First, hackers initiate contact with a hotel or travel agency, often under the guise of a special request or a medical condition for a traveler. They then send a seemingly innocuous URL to customers, which conceals info-stealing malware designed to operate discreetly.
The Cybercriminals' Clever Pivot
But the plot thickens. Researchers at Akamai reveal that after pilfering data from the initial target, cybercriminals pivot to the compromised entity's customers. With this direct line of communication, they masquerade as the compromised service, requesting additional credit card verification—a classic phishing ploy that appears both urgent and rational.
The Elaborate Masquerade
Crafted with professionalism and mimicking authentic hotel interactions, these messages allay suspicion. They even originate from the official booking site's messaging platform, adding an extra layer of credibility. Victims are supplied with a link for the supposed card verification, which triggers an executable encoded within a complex Base64 JavaScript script.
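For defenders triaging a suspicious script of this kind, here is an added example (not from the original article or from Akamai's research) that scans JavaScript source for Base64 string literals that decode to an executable header. It goes slightly beyond the article by also rejoining literals split with "+"; the function name, the 64-character threshold and the sample input are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import re

# Leading magic bytes of executable formats a decoded blob may carry.
MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}
MIN_LEN = 64  # ignore short literals; assumed threshold, tune per corpus

# Adjacent literals joined with "+" are one logical string split for evasion.
CONCAT = re.compile(r"""(["'])\s*\+\s*\1""")
# A quoted run made up only of Base64 alphabet characters and whitespace.
LITERAL = re.compile(r"""(["'])([A-Za-z0-9+/=\s]{%d,})\1""" % MIN_LEN)


def find_embedded_executables(js_source):
    """Return one finding per Base64 literal that decodes to an executable."""
    findings = []
    merged = CONCAT.sub("", js_source)
    for match in LITERAL.finditer(merged):
        text = re.sub(r"\s+", "", match.group(2))
        text += "=" * (-len(text) % 4)  # tolerate stripped padding
        try:
            blob = base64.b64decode(text, validate=True)
        except binascii.Error:
            continue  # looked like Base64 but is not
        for magic, kind in MAGIC.items():
            if blob.startswith(magic):
                findings.append({
                    "kind": kind,
                    "size": len(blob),
                    "sha256": hashlib.sha256(blob).hexdigest(),
                })
    return findings


# Constructed sample input: an "MZ" header plus zero padding (not a real
# program) split across two literals, next to a harmless PNG-like blob.
SAMPLE_PAYLOAD = b"MZ" + bytes(150)
_enc = base64.b64encode(SAMPLE_PAYLOAD).decode()
SAMPLE_JS = (
    'var logo = "%s";\n' % base64.b64encode(b"\x89PNG" + bytes(90)).decode()
    + 'var p = "%s" +\n        "%s";\n' % (_enc[:100], _enc[100:])
)

if __name__ == "__main__":
    for finding in find_embedded_executables(SAMPLE_JS):
        print(finding)
```

The SHA-256 in each finding is of the decoded bytes, so it can be checked against threat-intelligence sources without running the payload.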
The Shielding of the Scheme
This script aims to obscure the browsing environment, thwarting analysis. The attacker deploys security validation and anti-analysis techniques, ensuring only potential victims advance to the next stage—a fraudulent Booking.com payment page.
Staying Vigilant in the Face of Complexity
While this sophisticated scheme is hard to detect, it's not impervious to scrutiny. For complex phishing attempts, your best bet is contacting the company directly through official channels to clarify any suspicious messages. Remember, cybersecurity is everyone's responsibility, whether you're a technical expert or a non-technical user. Stay tuned for more updates on how to stay safe in the ever-evolving digital world.