Hotels targeted by increasingly advanced phishing attacks

New research from Akamai shows the increasing level of sophistication that attackers will use on a series of phishing attacks targeting hospitality websites

The attacks began as early as June 2023 and focused on exploits of the Domain Name System protocols. The attacks involve new efforts to hide their origins and also add new complexity to make them harder to repel. These protocols are the essential glue that support a wide collection of online services, and are a common hacker target.

Key takeaways

• The hospitality industry as a target means that many attacks are two-pronged in nature: First they aim their phishing lures at hotel staff, such as making a series of online booking requests. The attackers then send followup emails that contain malware-infested links or photos that contain programs to steal data from the hotel site operators;
• In this particular case, the attackers had a second stage of victims: The accounts of individual customers who are using the online services were further compromised with additional malware-laced emails;
• One of the lures is to replicate hotel booking pages as part of its phishing campaign, where it would steal credit card data from potential guests. The attackers even used an online chat window to make their phony pages seem more realistic.

Get the full report at Akamai