Particle.news

Download on the App Store

Phishing Campaign Targets Hospitality Workers with Fake Booking.com Emails

Microsoft warns of a sophisticated 'ClickFix' social engineering attack delivering malware to steal credentials and financial data.

  • The phishing campaign, active since December 2024, impersonates Booking.com to target hospitality employees globally, including in the UK, North America, and Asia.
  • Attackers use 'ClickFix' tactics, tricking victims into executing malicious commands disguised as CAPTCHA verifications.
  • Malware deployed includes infostealers and remote access trojans like XWorm, Lumma Stealer, and VenomRAT, aimed at stealing credentials and financial information.
  • The campaign, attributed to the threat group 'Storm-1865,' seeks to hijack Booking.com accounts and exploit customer payment and personal data.
  • Microsoft advises verifying sender legitimacy, avoiding urgent calls to action, and accessing Booking.com accounts directly through the official website to mitigate risks.
Hero image