- The phishing campaign targets hotel staff using false Expedia and Cloudbeds connection pages
- The attackers show in -depth knowledge of hospital workflows to stimulate credibility
- Hotel companies are main targets due to the constant management of guests sensitive data
Hotels and other similar companies in the hotel industry are targeted by an advanced and very convincing phishing campaign.
The objective of the attacks is to collect user names, passwords and potentially multi-factor authentication tokens (MFA) from two platforms centered on hospitality: Expedia Partner Central and Cloudbeds.
It is according to the research team on Mimecast threats and researchers Samantha Clarke and Ankit Gupta. The team discovered an ongoing campaign distributing “urgent and critical object lines designed to cause immediate actions of hotel and staff directors”.
Sophisticated understanding of hospital workflows
Usually, emails discuss common monitoring alerts, system updates, confirmations for booking friends and partner central notifications. These are regular subjects in the hotel industry and are generally sensitive to time. Hotels that fail to resolve these messages in time generally end up losing income.
This means that anyone who is behind this campaign, has “a sophisticated understanding of hospitality workflows,” said the researchers. The bonds of emails then redirect the victims to malicious destination pages, designed to appear identical to the connection pages of Expedia and Cloudbeds.
This is where the attackers capture the connection identification information and, potentially, the 2FA codes. All the destination pages were hosted on Vercel, they added.
Sensitive data, such as email addresses, social security numbers, passport identification numbers, birth dates, postal and similar addresses, are very precious for cybercriminals.
They allow them to launch phishing attacks which can give them access to important services, bank accounts, etc. Companies in the hotel industry, on the other hand, constantly generate this type of data, making it a main target for campaigns like this.
Less than a month ago, a cybercriminal managed to enter the reservation system used by many hotels in Italy and to steal very sensitive information on thousands of guests. Before that, high -level hotel chains, including Marriott and Hilton, all had a sensitive customer data leak as part of a supply chain attack against a partner.
