For years, phishing campaigns have relied on urgency, deception, and impersonation to lure victims into surrendering sensitive information. A newly observed threat, however, demonstrates how cybercriminals are increasingly enhancing those tactics with stolen or exposed real-world data.
Security researchers have identified a large-scale operation in which threat actors leverage legitimate hotel reservation details to create highly convincing phishing messages that appear directly tied to a traveller’s recent booking activity.
By incorporating authentic reservation information into their communications, attackers are able to bypass many of the warning signs users typically associate with scams, significantly increasing the credibility and effectiveness of the attack. The campaign, which reportedly affects customers linked to hundreds of hotels and vacation rental properties across dozens of countries, highlights a growing trend in cybercrime where access to genuine customer data is being weaponised to enable precision-targeted social engineering and financial fraud.
By blending seamlessly into legitimate travel communications, the attackers are able to bypass the obvious warning signs of unsolicited email messages. Instead of sending unsolicited emails, the attackers approach travellers based on their current travel reservations.
A guest relations or customer service department may send messages that seem to originate from the hotel and contain specific booking details that correspond to the guest’s upcoming stay. As a routine verification request, payment confirmation, or administrative check, the communication creates a sense of legitimacy that significantly reduces suspicions of the hotel.
In the recipient’s perspective, the interaction resembles correspondence between hotels and guests, which makes the interaction very difficult to distinguish from genuine customer service initiatives. Research indicates that the scheme is more advanced than traditional phishing since it utilises the trust that has already been established by making a legitimate reservation to exploit the system.
Threat actors may also compromise hotel employee credentials through separate phishing attacks, gaining access to hotel management systems, booking portals, or partner communication platforms through phishing attacks. Criminals can use this access to interact with travellers by using legitimate channels relating to real reservations, which allows them to embed fraudulent requests within trusted processes.
Therefore, the attack has evolved from simple impersonation of a brand to the misuse of authentic hospitality infrastructure, thereby giving scammers a new level of credibility.
Therefore, the attack has evolved from simple impersonation of a brand to the misuse of authentic hospitality infrastructure, thereby giving scammers a new level of credibility.
As a consequence of this evolution, there is a broader cybersecurity concern: social engineering becomes considerably more persuasive and much harder for both organisations and travellers to detect when attackers gain access to trusted business systems and customer context simultaneously.
Although the exact source of the reservation data is currently under investigation, security experts have concluded that the information is likely to have been obtained as a result of compromises affecting hotel systems, hospitality partners, or third-party booking systems. As opposed to exploiting travellers directly, attackers typically target organisations that manage reservations directly at the onset.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: