Recently, we have seen a wide range of different types of malware attacks from fake job offers to new attempts that use shortcut icon files to try and lure you into a false sense of security. Often, however, these days many scams are aimed at businesses and enterprise level users and today we are reporting on new types of malware scams and cyber-attacks that are targeting hotels and travel companies such as those found on booking.com.
A report by BleepingComputer has shed on light on a particular hacker who has seemingly been working overtime recently, running phishing campaigns targeting hotels, travel agents, and other firms working in the hospitality and travel sector.
Phishing scams are when a malicious actor attempts to trick people into clicking false links or files, which will either take them to infected websites or install malware directly onto their devices. These types of scams have been becoming increasingly complex with ever increasingly genius ways of catching potential victims out popping up.
Worryingly, according to the report:
“The threat actor uses a set of 15 distinct malware families, usually remote access trojans (RATs), to gain access to the target systems, perform surveillance, steal key data, and eventually siphon money from customers.”
The emails that carry the malicious files carrying the malware have been written in a broad variety of languages including English, Spanish, and Portuguese, and they have been targeting hotels and travel companies in North America, Latin America, and Western Europe. Any unsuspecting staff at the companies who click on the false links will cause ISO files to be installed on their devices and that will then deliver the malware.
To indicate just how serious this threat it, one hotel in Portugal had its Booking.com account hacked in July, which saw roughly €500,000 stolen from customers who thought they were booking a room at the hotel. This just shows why it is more important than ever to take your cyber security serious these days. In this particular instance, making the booking with a credit card would most likely have covered you and allowed you to get your money back. You will have to check the terms and conditions of your own credit card to confirm this, however.
To make sure you yourself don’t fall victim to any credit card scams you should check out anti-phishing infographic.