Phishing Campaign Targets Hospitality Workers with Fake Booking.com Emails

Microsoft warns of a sophisticated 'ClickFix' social engineering attack delivering malware to steal credentials and financial data.

The phishing campaign, active since December 2024, impersonates Booking.com to target hospitality employees globally, including in the UK, North America, and Asia.
Attackers use 'ClickFix' tactics, tricking victims into executing malicious commands disguised as CAPTCHA verifications.
Malware deployed includes infostealers and remote access trojans like XWorm, Lumma Stealer, and VenomRAT, aimed at stealing credentials and financial information.
The campaign, attributed to the threat group 'Storm-1865,' seeks to hijack Booking.com accounts and exploit customer payment and personal data.
Microsoft advises verifying sender legitimacy, avoiding urgent calls to action, and accessing Booking.com accounts directly through the official website to mitigate risks.