Phishing Campaign Targets Hospitality Workers with Fake Booking.com Emails
Microsoft warns of a sophisticated 'ClickFix' social engineering attack delivering malware to steal credentials and financial data.
- The phishing campaign, active since December 2024, impersonates Booking.com to target hospitality employees globally, including in the UK, North America, and Asia.
- Attackers use 'ClickFix' tactics, tricking victims into executing malicious commands disguised as CAPTCHA verifications.
- Malware deployed includes infostealers such as Lumma Stealer and remote access trojans such as XWorm and VenomRAT, aimed at stealing credentials and financial information.
- The campaign, attributed to the threat group 'Storm-1865,' seeks to hijack Booking.com accounts and exploit customer payment and personal data.
- Microsoft advises verifying sender legitimacy, avoiding urgent calls to action, and accessing Booking.com accounts directly through the official website to mitigate risks.
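The mitigations above (check who really sent the mail, distrust urgent calls to action, and reach Booking.com only through the official site rather than a link in the message) can be turned into a mailbox triage check. The script below is an added example written for this summary, not code from Microsoft or Booking.com. The two sample messages, the urgency phrase list and the ClickFix-style "copy this and run it to pass the CAPTCHA" pattern are all constructed assumptions for illustration; the only brand domain it treats as legitimate is booking.com, the one the campaign impersonates.

```python
"""Triage a suspected Booking.com-themed phishing email against the advisory's
mitigations: sender legitimacy, urgency pressure, links that do not lead to the
official site, and ClickFix-style instructions to run something to pass a check.
All samples and phrase lists are constructed for this example."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Brand the campaign impersonates; any other sender or link domain is a finding.
LEGIT_DOMAINS = ("booking.com",)

# Urgency cues (assumed phrase list, not from the advisory).
URGENCY_PHRASES = ("immediately", "within 24 hours", "urgent", "will be suspended", "act now")

# ClickFix-style lure: an instruction to copy/paste/run something to complete a
# "verification" or CAPTCHA. Assumed heuristic, tuned to the constructed sample.
CLICKFIX_RE = re.compile(
    r"\b(copy|paste|run)\b[^.]{0,120}\b(command|captcha|verification)\b", re.IGNORECASE)

# Authentication-Results outcomes that count as a failed sender check.
AUTH_FAIL_RESULTS = {"fail", "softfail", "permerror", "temperror"}


def is_legit_domain(host):
    """True if host is booking.com itself or a subdomain of it."""
    if not host:
        return False
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def domain_of(header_value):
    """Domain part of the first address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def triage(raw_message):
    """Return a list of (tag, detail) findings; an empty list means nothing fired."""
    msg = message_from_string(raw_message)
    findings = []

    # 1. Sender legitimacy: From domain and any Reply-To redirection.
    from_dom = domain_of(msg.get("From", ""))
    if not is_legit_domain(from_dom):
        findings.append(("sender-domain", f"From domain '{from_dom}' is not {LEGIT_DOMAINS[0]}"))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"Reply-To domain '{reply_dom}' differs from From"))

    # 2. Authentication-Results added by the receiving mail server.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) in AUTH_FAIL_RESULTS:
            findings.append(("auth-fail", f"{mech}={m.group(1)}"))

    # 3. Links: anything not on the official site is a reason to go there directly instead.
    payload = msg.get_payload(decode=True)
    body = payload.decode("utf-8", "replace") if payload else ""
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname
        if not is_legit_domain(host):
            findings.append(("foreign-link", f"link to '{host}' instead of the official site"))

    # 4. Urgent call to action.
    lowered = body.lower()
    if any(p in lowered for p in URGENCY_PHRASES):
        findings.append(("urgency", "body pressures the reader to act quickly"))

    # 5. ClickFix-style lure: asked to copy/run something to pass a "CAPTCHA".
    if CLICKFIX_RE.search(body):
        findings.append(("clickfix", "body asks the reader to copy/run something to pass a check"))

    return findings


# Constructed samples (all addresses, hosts and text are made up for this example).
SAMPLE_PHISH = """\
From: Booking.com Partner Support <support@booking-com-verify.example>
Reply-To: partners@mail-review.example
To: frontdesk@hotel.example
Subject: Action required: negative guest review on your property
Authentication-Results: mx.hotel.example; spf=fail smtp.mailfrom=booking-com-verify.example; dkim=none
Content-Type: text/plain; charset="utf-8"

A guest left a negative review. You must respond within 24 hours or your listing will be suspended.
Open the review here: https://booking-com-verify.example/review/12345
Before continuing, copy the command below and run it to complete the CAPTCHA verification.
"""

SAMPLE_LEGIT = """\
From: Booking.com <noreply@booking.com>
To: frontdesk@hotel.example
Subject: Your property details were updated
Authentication-Results: mx.hotel.example; spf=pass smtp.mailfrom=booking.com; dkim=pass header.d=booking.com
Content-Type: text/plain; charset="utf-8"

Your property details were updated. You can review them any time by signing in at https://www.booking.com/ from your browser.
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, triage(sample))
```

The findings are deliberately independent signals rather than a score: a single "foreign-link" or "clickfix" hit is enough to route the message to review, and the "sender-domain" check is what the advice to verify the sender boils down to in practice. Real mail is usually multipart HTML, so a production version would walk `msg.walk()` and extract `href` targets, which this example skips for clarity.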