Booking.com customers targeted in major new phishing campaign

A compromised Booking.com hotel account was used in an elaborate phishing scheme aimed at draining customers’ bank accounts, a new report from cybersecurity experts Perception Point claims.

According to the report, an unnamed hotel’s Booking.com account has been compromised, with the threat actors using this access to obtain a list of its customers as well as their personal data: names, booking dates, hotel details and partial payment methods . They then created a malicious landing page, seemingly identical to the original Booking.com site, and targeted people who had an upcoming booking.