Customers Targeted in Major Phishing Campaign

Written by users have become the focus of a new, large-scale phishing campaign. Discovered by Perception Point and discussed in an advisory published on Wednesday, the campaign follows a methodical four-step process.

To initiate their scheme, the attackers gain unauthorized access to hotel systems, effectively taking control of the hotel’s account. This initial breach sets the stage for their subsequent actions.

Once in control of the account, the attackers extract the personal data of hotel guests. This includes names, booking dates, hotel details and partial payment methods. 

In the third phase, the attackers utilize the stolen data to craft messages designed to play on the fears and urgency of potential victims. Guests are alerted that their bookings are at risk of cancellation within 24 hours unless they promptly provide their credit card details under the guise of a verification “test.”

In the final step, the attackers lead their victims to a phishing page that mimics, Perception Point explained. This fraudulent page comes pre-filled with victims’ personal information, and the deceptive URL further adds to the confusion. Here, victims are prompted to re-enter their credit card or bank information, unknowingly providing it to the attackers.

Read more on security: API Security Flaw Found in Allowed Full Account Takeover

Research conducted by the security firm highlighted the extensive reach of this issue, affecting hotels and resorts on a global scale. The financial losses stemming from these attacks can be substantial, and concerns regarding trust breaches and potential data misuse remain prevalent.

The security team warned that the phishing attack may be part of a larger pattern, as observed in a previous InfoStealer campaign that targeted hotels and travel agencies. 

Recommendations for users include thorough scrutiny of URLs, caution regarding urgent requests, contacting service providers directly, sharing knowledge about phishing and vigilant monitoring of accounts for any unauthorized transactions.

Editorial image credit: Burdun Iliya /

What’s hot on Infosecurity Magazine?