Large-Scale Phishing Campaign Targets Booking.com Hotels and Guests Across Europe and Asia
A sophisticated and long-running phishing campaign has targeted hotels and their guests using Booking.com’s platform, according to recent threat intelligence reports.
Attackers gained access to hotel administrator accounts, extracted real reservation details, and used them to craft highly convincing messages designed to steal credentials, payment data, or deploy malware.
What Happened
Research from Microsoft reveals that threat actors:
-
compromised hotel admin accounts linked to Booking.com
-
accessed real booking metadata (guest names, dates, email)
-
sent fake payment verification or update requests
-
redirected victims to phishing pages or malicious payloads (including RAT tools)
-
attempted to steal accounts, funds, or internal system access
The attack is particularly dangerous because messages contain real reservation details, making them extremely hard to detect.
Why It Matters for Businesses
The hospitality and tourism sector is part of a broader digital supply chain, and targeted compromises can cascade into:
-
customer data exposure (GDPR)
-
fraudulent transactions
-
lateral movement to other partners or MSP-managed clients
-
reputational damage and operational disruption
DIAMATIX Perspective
Supply-chain fraud based on compromised partner accounts shows why organizations need continuous detection and correlated visibility across third-party systems.
DIAMATIX supports clients with:
-
Shield SIEM/XDR for detecting abnormal logins and account misuse
-
24/7 SOC monitoring for rapid response
-
Threat Hunting focused on credential theft and RAT activity
-
Zero-Trust access policies for admin accounts
Red Team simulations to validate communication and security controls
When attackers use real reservation data, traditional security controls are not enough. Integrated MDR visibility becomes essential.
Sources
-
Microsoft Security Research — Phishing campaigns impersonating Booking.com
Ready to go further?
Experience how continuous detection and response enhance compliance in action with MDR 360°.
→ Request MDR 360° Demo
