Booking.com hackers increase attacks on customers

[webfact]

 

By Kanchan Nath
TD Editor

Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims.

 

Cyber-criminals are offering up to $2,000 (£1,600) for login details of hotels as they continue to target the people who are staying with them.Since at least March, customers have been tricked into sending money to cyber-criminals.

 

New research shows the sneaky tactics being used by the unknown hackers.Booking.com is one of the largest websites for holidaymakers, but customers from the UK, Indonesia, Singapore, Greece, Italy, Portugal, the US and Netherlands have complained online about being victims of fraud through the website.

 

Cyber-security experts say Booking.com itself has not been hacked, but criminals have devised ways to get into the administration portals of individual hotels which use the service.

 

A Booking.com spokesman said the company is aware that some of its accommodation partners are being targeted by hackers “using a host of known cyber-fraud tactics”.

 

Researchers at cyber-security company Secureworks say hackers are first tricking hotel staff into downloading a malicious piece of software called Vidar Infostealer.

 

They do this by sending an email to the hotel pretending to be a former guest who has left their passport in their room.

 

Criminals then send a Google Drive link to the staff saying that it contains an image of the passport. Instead the link downloads malware on to staff computers and automatically searches the hotel computers for Booking.com access.

 

Then the hackers log into the Booking.com portal allowing them to see all customers who currently have room or holiday reservations. The hackers then message customers from the official app and are able to trick people into paying money to them instead of the hotel.

 

Hackers appear to be making so much money in their attacks that they are now offering to pay thousands to criminals who share access to hotel portals.

 

“The scam is working and it’s paying serious dividends,” says Rafe Pilling, director of threat intelligence for Secureworks Counter Threat Unit.

 

“The demand for credentials is likely so popular because it’s seeing a high success rate, with emails targeting genuine customers and appearing to come from a trusted source. It’s social engineering at its best,” he said.

 

Lucy Buckley was contacted through the Booking.com app in September by hackers using broken English, who convinced her to send them £200. She says they pretended to staff at the Paris hotel where she had booked a room, saying that she must pay the money or her reservation would be lost. After she sent the money, the real hotel staff informed her they had no knowledge of the payment. Acting quickly, she managed to get a refund from her bank, which revealed her money had been sent to an account in Moldova.

 

A Booking.com spokesman said: “While this breach was not on Booking.com, we understand the seriousness for those impacted, which is why our teams work diligently to support our partners in securing their systems as quickly as possible and helping any potentially impacted customers accordingly, including with recovering any lost funds.”

 

Cyber-security expert and podcaster Graham Cluley was also nearly tricked into sending money to hackers.

 

He says Booking.com hotels should implement multi-factor authentication to make it harder for criminals to log in illegally.

 

“Booking.com has started displaying a warning message on the bottom of chat windows, but they could be doing much more than this. For instance, not allowing any links to be included in chat which go to websites that are less than a few days old would prevent freshly-made fake sites being used to trick customers into paying,” he said.

 

Source: BBC

 

Full story: TRAVEL DAILY 2023-12-06

 

- Cigna offers a range of visa-compliant plans that meet the minimum requirement of medical treatment, including COVID-19, up to THB 3m. For more information on all expat health insurance plans click here.

 

Reach a vast audience of readers interested in Thailand by featuring your business in ASEAN NOW, viewed by millions each month. For further details contact our sales team at [email protected]

 

Get our Daily Newsletter - Click HERE to subscribe

[Morch]

Bah...I was just reminding myself I need to get a move on booking a hotel room for later this month. Wonder what's the more secure option, as guess similar services aren't very different, and hotel websites, other than larger chains/brands probably not that secure anyway.

[setbkk]

Use Booking.com to search for rooms, then book directly with hotel thro hotel website.

[Mike Lister]

I think this is a big deal, it probably means that hotel systems security is compromised in other ways also.

Edited December 6, 2023 by Mike Lister

[rwill]

1 hour ago, setbkk said:

Use Booking.com to search for rooms, then book directly with hotel thro hotel website.

Since they are saying it is the hotels system that is compromised I'm not sure this would help.

Best thing to do is never use links sent to you.   Also don't give info to people calling you.   Specially those claiming something will happen if you don't give them your info.

[Dirk Z]

I received an e-mail from VISA notifying me of fraudulent use of my credit card before I even noticed it myself. They blocked the card, will send a new one and reimburse the fraud. In the app I saw it was € 80 of Uber rides in Dubai (where I had not been). Great service. Booking.com controls many online services: Agoda, Hotels.com, Rentalcars and maybe more. I think it is impossible to find a 100% safe service, but it looks like the credit card companies are alert and you always have to be alert yourself when you get e-mails about financial issues.

[RayC]

2 hours ago, Dirk Z said:

I received an e-mail from VISA notifying me of fraudulent use of my credit card before I even noticed it myself. They blocked the card, will send a new one and reimburse the fraud. In the app I saw it was € 80 of Uber rides in Dubai (where I had not been). Great service. Booking.com controls many online services: Agoda, Hotels.com, Rentalcars and maybe more. I think it is impossible to find a 100% safe service, but it looks like the credit card companies are alert and you always have to be alert yourself when you get e-mails about financial issues.

 

I had a similar experience about 6 months ago, although my Uber rides were in Canada and my card was MasterCard. The guy at my bank said that my experience was far from unique. 

[Hawaiian]

On 12/5/2023 at 7:35 PM, rwill said:

Since they are saying it is the hotels system that is compromised I'm not sure this would help.

Best thing to do is never use links sent to you.   Also don't give info to people calling you.   Specially those claiming something will happen if you don't give them your info.

Excellent advice.  I am always suspicious when I receive any type of solicitation.  AOL has been quite effective in sending these types of emails to my spam file.  Then I make a quick check before deleting anything.

[Fat is a type of crazy]

I got an email recently, apparently from a hotel I stayed at, saying I urgently needed to pay an invoice from a previous stay. I had prepaid in full and it was over 6 months since I stayed there. Not from the hotel. Did not click links or open attachments. Delete.