- The Phishing campaign is addressed to hotel staff that uses false login pages of Expedia and Cloudbes
- The attackers show a deep knowledge of hospitality workflows to increase credibility
- Hospitality companies are main objectives due to the constant management of confidential guests
Hotels and other similar companies in the hospitality industry are being attacked by an advanced, convincing phishing campaign.
The objective of the attacks is to reap usernames, passwords and potentially multifactor (MFA) authentication tokens of two hospitality focused on hospitality: Expedia Partner Central and CloudBeds.
This is according to the Mimecast threat research team, and researchers Samantha Clarke and Ankit Gupta. The team discovered an ongoing campaign that distributes “urgent lines and business criticisms designed to cause immediate actions of managers and hotels.”
Sophisticated comprehension of hospitality flows
In general, email messages discuss common monitoring alerts, system updates, visits and central notifications of partners. These are regular issues in the hospitality industry, and are generally sensitive to time. Hotels that do not address these messages in time generally end up losing income.
This means that, who is behind this campaign, has a “sophisticated understanding of hospitality workflows,” the researchers explained. The links in the emails then redirect to the victims to malicious destination pages, designed to seem identical to the expert login pages and CloudBeds.
This is where the attackers capture login credentials and, potentially, 2FA codes. All fate pages were lodged in Vercel, they added.
Confidential data, such as email addresses, social security numbers, passports and government identification numbers, birth dates, postal and similar addresses, are quite valuable for cybercriminals.
They allow them to launch phishing attacks that can give them access to important services, bank accounts and more. Companies in the hotel industry, on the other hand, generate this type of data constantly, which makes them a main objective for campaigns like this.
Less than a month ago, a cybercriminal managed to enter the reserve system used by numerous hotels in Italy and steal highly sensitive information to thousands of guests. Before that, the high -profile hotels chains, including Marriott and Hilton, all had a confidential client data leak as part of a supply chain attack against a partner.
