Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Booking.com warns of an up to 900% increase in travel scams.

June 2024 by Aaron Walton, Threat Intel Analyst of Expel

In a recent article by BBC, Booking.com CISO Marine Wilkin warns of an up to 900% increase in travel scams. Based on this, the commentary by Aaron Walton, Threat Intel Analyst of Expel, who’d like to add a little more colour to the discussion based on what Expel’s SOC has observed.

“With hospitality- and travel-themed scams on the rise, the responsibility to recognise and avoid them should not fall on hotel staff or travellers.

“For the past 18 months, the Expel security operations centre (SOC) team observed a campaign that specifically targets administrative credentials for Booking.com. We wrote previously about this campaign’s use of information stealing malware and others have published about the same criminals altering their approach to specifically target Booking.com credentials. To summarise, the attackers create phishing emails and fraudulent duplicate websites to steal usernames and passwords from hotel staff. Once stolen, the attackers use these accounts to request payment from travellers. Booking.com suggests using multi-factor authentication (MFA) to prevent such attacks, but it isn’t enough.

“Based on our knowledge of attackers, we expect that these specific criminals will continue innovating to circumvent MFA. We’ve observed this in other forms of phishing and expect to see it here if MFA adoption for Booking.com increases. These criminals have entire teams whose sole purpose is to create the fake websites and email accounts, and send the emails. They certainly have the capability to innovate further and up their game. MFA alone won’t cut it—these specific problems need to be solved with technology and collaboration.

“Technology can mitigate many of these attacks, but collaboration is essential too. Organisations can block and detect new and look-alike domains using existing tools like internet gateways, taking the responsibility off the end-user to recognize the suspicious domains. It’s also possible to detect and stop the registration and creation of these websites before they’re leveraged, but real disruption is dependent on more collaboration. Whether the actors are really using AI or not isn’t particularly important here: the nature of how the internet works alone provides plenty of avenues for defenders to identify, slow, or stop these threat actors. We urge companies to continue to collaborate to solve the problem with technology rather than leaving the responsibility to consumers.“


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts