- Phishing -campaign is targeted at hotel staff using Fake Expedia and Cloudbed’s Login -sides
- Attackers showing deep knowledge of workflows to hospitality to increase credibility
- Hospitality companies are the main targets due to constant handling of sensitive guest data
Hotels and other similar companies in the hospitality industry are targeted by an advanced, very compelling, phishing campaign.
The goal of the attacks is to harvest usernames, passwords and potentially multi-factor approval Tokens (MFA) from two hospitality-centric platforms: Expedia Partner Central and Cloudbeds.
This is according to Mimecast’s threat research team and scientists Samantha Clarke and Ankit Gupta. The team discovered an ongoing campaign that distributed “urgent, business -critical subject lines designed to encourage immediate action from hotel leaders and staff.”
Sophisticated understanding of workflows on hospitality
Usually, E -Mail messages discuss common tracking alarms, system updates, confirmations of guest booking and Partner Central Messages. These are regular issues in the hospitality industry and are generally time sensitive. Hotels that do not address these messages on time usually end up losing revenue.
This means that the person behind this campaign has “sophisticated understanding of workflows in hospitality,” the researchers explained further. Links IE emails then redirect the victims to malicious landing pages, designed to look identical to login pages in Expedia and cloudbeds.
This is where attackers catch login -credentials and potentially 2FA codes. All landing pages hosted Vercel, they added.
Sensitive data, such as E -Mail Addresses, Social Security, Passport and Government -Id numbers, Birth Dates, Mailing Addresses and the like, are quite valuable to cyber criminals.
They allow them to start phishing attacks that can give them access to important services, bank accounts and more. Businesses in the hospitality industry, on the other hand, are constantly generating this type of data, making them a main target for campaigns like this one.
Less than a month ago, a cyber criminal managed to break into the reservation system used by several hotels in Italy and steal very sensitive information about thousands of guests. Before it had high -profile hotel chains, including Marriott and Hilton, all sensitive customer data coverage as part of a supply chain attack against a partner.
