This time, the hackers targeted Booking.com customers who booked hotels on the OTA.
The system studied by cybercriminals consists of sending a message to the customer notifying them of a payment error on the Booking site, and they are asked to redo the transaction via a fraudulent link which leads the customer to be a victim of phishing.
This is a phishing campaign in which cybercriminals manage to make it appear that they are legitimate hotels through the application’s chat, thus deceiving customers who have made a reservation on the platform.
Modus operandi
Virtual thieves attack the Booking application by pretending to be hotels.
Its operation begins with a message about the reservation that might be canceled due to a credit card verification problem, indicating that it must follow the instructions that the criminals give to the customer to resolve the problem. The link they put is https://booking.net725.com, which, if detected in time by the customer, can prevent fraud.
With this method, they managed to steal up to 1,500 euros from a single customer, and this is repeated all over the world. However, Booking assures that its systems have not been hacked, but that the thefts concern the hotel profiles registered on its platform which have been usurped, so the hotels do not respond because they are fraudulent transactions.
The site immediately issued a note reminding that “no regular transaction will require you to provide your credit card details over the phone, via text message, or via email.”
