Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials

2023-12-20 21:30

Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season.

When the staff then responds by requesting more information, the attacker sends a message directing the staff to open a link that supposedly contains evidence supporting their claim.

Similar to the previous examples, the attacker will instruct the staff to visit the link, which supposedly contains the information necessary for the hotel staff to familiarize themselves with the medical needs of their fake children.

Hotel staff have been advised to make themselves aware of the types of scams going around and be vigilant to any signs that the email might be an attempt at an attack.

When the hotel staff asks for reservation details, the attackers' attitude turns from grief to mild aggression, responding with a message akin to: "I have already told you about my family's grief, I have lost a very precious thing with my mother's last memories on it, if I send you a picture of the camera could you please help me."

All of the methods described in the research serve to steal hotel management credentials, which have recently been used in a spate of attacks against Booking.com customers, and have been ongoing since at least March 2023.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/20/hotel_cybercrime_research/

#credential #cybercrooks #email #hotel