Cybercriminals Leverage Hijacked Booking.com accounts for Phishing
I recently heard about a wave of scams exploiting Booking.com users. So I went and researched it for myself. I came across a post on the r/travel subreddit about such an incident. [1] The user received a seemingly authentic message with a URL via Booking.com 's app. They provided their credit card information and said that “within mere minutes of this, an attempt was made to use [their] credit card for an online purchase.” As others pointed out on Reddit, the most likely scenario here is that the hotel's account with Booking.com has been compromised, or the hotel's own email account was compromised. I then looked up the phishing site sent via the Booking.com in-app messaging system in VirusTotal to find the IP address and checked that in URLscan. As I imagined, the offending IP address had a bunch of other Booking.com phishing domains that resolved to it. This revealed a widespread campaign. [2, 3] Further research on this topic led me to a recent Secureworks blo...