E-mail attacks on the hotel business
Threat actors are targeting hotel staff with malicious and phishing e-mails
Since last summer, hotel owners and employees have received malicious emails disguised as ordinary correspondence from guests or Booking.com. These emails aim to steal login credentials or infect hotel systems with malware.
Key takeaways
- Generally, the correspondence follows one of two topics: complaints, or inquiries to clarify some details;
- In some cases, attackers adopt methods more common to targeted attacks — no malicious link is sent in the first or even the second e-mail. To lull the victim’s vigilance, they initiate a conversation with one or more short, seemingly innocuous messages, asking questions about accommodation conditions at the hotel;
- By and large, the cybercriminals’ objective in all these cases is to obtain credentials. These can then be used in other scams or simply sold, as databases of such usernames and passwords are in high demand on the dark web.
Get the full story at Kaspersky