Booking.com 駭客加強對客戶的攻擊力度

Cyber-criminals are intensifying their attacks on Booking. com customers. They do this by posting advertisements on dark web forums, soliciting assistance in identifying potential victims. These hackers are offering up to $2,000 (£1,600) for login credentials of hotels, as they persistently target the guests staying there. Since at least March, unsuspecting customers have been duped into transferring money to these cyber-criminals. Recent research reveals the cunning strategies employed by these unidentified hackers.

Booking. com is one of the leading websites for vacationers. However, customers from various countries including the UK, Indonesia, Singapore, Greece, Italy, Portugal, the US and Netherlands have voiced their complaints online about being victims of fraud through the website. Cyber-security specialists assert that Booking. com itself has not been compromised, but criminals have devised methods to infiltrate the administration portals of individual hotels that utilise the service. A spokesperson for Booking. com acknowledged that some of its accommodation partners are being targeted by hackers employing a variety of known cyber-fraud tactics.

Researchers at cyber-security firm Secureworks report that hackers initially deceive hotel staff by sending an email pretending to be a former guest who has left their passport in their room. The criminals then send a Google Drive link to the staff, claiming that it contains an image of the passport. In reality, the link downloads malware onto the staff's computers, which automatically searches the hotel computers for Booking. com access. The hackers then log into the Booking. com portal, enabling them to view all customers who currently have room or holiday reservations. The hackers then message customers from the official app, successfully tricking people into paying money to them instead of the hotel.