Phishing scams just got more sophisticated, with scammers targeting hotel staff in order to phish their customers.

Security researchers discovered a sophisticated credit card stealing campaign in which the hackers first target hotel staff. They make contact with the hotel staff under the guise of making a reservation. After establishing communications, the criminal invokes a reason, such as a medical condition or special request, to send important documents to the staff member via a URL. The URL leads to a malicious site hosting information-stealing malware that collects sensitive data such as credentials or financial information.

Once they have the staff member’s credentials, they go after their final target: the hotel’s customers. Using the now-compromised hotel or booking service, they send the customers well-written, professional messages modelled after genuine hotel interactions. The victim receives the message through the booking site’s messaging platform, which makes it look legitimate. The link leads to a fake version of the hotel or booking service and asks for the victim’s credit card details.

Users are advised to avoid clicking on unsolicited links, be suspicious of urgent or threatening messages asking for immediate action, and check URLs for indicators of deception.

This segment was created for the It’s 5:05 podcast