Booking.com targeted in major new phishing campaign
A compromised Booking.com hotel account was used in an elaborate phishing scheme aiming to empty customer bank accounts
An unnamed hotel has had its Booking.com account compromised, with the threat actors using this access to get a list of its clients, as well as their personal data: names, booking dates, hotel details, and partial payment methods.
Then, they crafted a malicious landing page, seemingly identical to the original Booking.com site, and reached out to people who’ve had bookings coming up.
In the message, they said that the bookings were at risk of cancellation within a day, if the users didn’t “test” their credit card details - by submitting them on the fake landing page.
Get the full story at Yahoo! Finance