
Microsoft exposes phishing scam targeting Booking.com hosts
Microsoft has disclosed a phishing campaign targeting hotel and accommodation owners who list properties on Booking.com, in order to alert the tourism sector and consumers.
According to Microsoft, the scam uses fraudulent emails that appear to come from Booking.com and describe scenarios such as a guest leaving a bad review. The emails press recipients to act, directing them to "verify" their login through an attached PDF or a link; a CAPTCHA step along the way is there to make the fake page look legitimate. Anyone who completes the process hands the criminals their login credentials and financial information.
The scheme is part of a pattern Microsoft has tracked since early 2023; this time the scammers have shifted their focus to hotel and accommodation owners. Earlier variants duped guests into sharing financial details with fake emails claiming a booking was about to be cancelled. The Australian Competition and Consumer Commission (ACCC) has reported losses of more than AUD 337,000 to these scams.
Australia's Booking.com listings range from major chains to small motels and private accommodation. Smaller operators are often unprepared for such threats, lacking both cybersecurity measures and awareness, which makes education about these scams and the protective steps to take all the more necessary.
Microsoft's blog outlines several protective steps for accommodation providers and consumers. Key recommendations: check the sender's actual email address by hovering over the displayed name, since a familiar display name can sit in front of an unrelated domain; remember that legitimate entities will not ask for personal or financial information in unsolicited emails or calls; and, when in doubt, contact the service provider through the official contact form on its website rather than by replying to the email.
Users should be wary of emails demanding immediate action, since scams commonly manufacture a sense of urgency. Hover over links to inspect the full URL before clicking, as a malicious link can lead to malware being installed on the device. It is safer to reach the official website by searching for it directly in a browser, or by typing a known address, than by following a link in an email.
Microsoft also cautions that scam emails often show poor spelling or grammar and subtle misspellings in domain names. It stresses that training staff to recognise phishing is critical to prevention.
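The checks above (sender address behind the display name, the real host behind each link, urgency wording, lookalike domain names) can be turned into a simple triage script. The following is an added example, not code from Microsoft's blog or from Booking.com; it assumes booking.com is the only trusted domain, approximates the registered domain with the last two labels instead of the Public Suffix List, and runs over a constructed sample message modelled on the "bad review" lure described in the article. A real deployment would also verify SPF/DKIM/DMARC results rather than rely on header text alone.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: the only legitimate sending/link domain.
TRUSTED_DOMAIN = "booking.com"

# Constructed sample message (not a real phishing email), shaped like the
# "guest left a bad review" lure: spoofed display name, urgency, and links
# whose hosts merely contain "booking.com".
SAMPLE_EMAIL = """\
From: "Booking.com" <partner-support@booking-com-verify.example>
To: host@example-hotel.test
Subject: Action required: guest left a negative review
Content-Type: text/plain; charset=utf-8

A guest has left a 1-star review for your property.
You must respond within 24 hours or your listing will be suspended.
Review and verify your account here: https://booking.com.account-check.example/login
Alternatively see the attached PDF: https://files.example.net/review.pdf
"""


def registered_domain(host):
    """Last two labels of a hostname ('admin.booking.com' -> 'booking.com').
    Assumption: adequate for .com-style names; use the Public Suffix List
    for multi-label TLDs such as .co.uk in real code."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def levenshtein(a, b):
    """Edit distance; catches subtle misspellings such as 'bookimg.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host):
    """'trusted' if the registered domain is booking.com, 'lookalike' if the
    name merely contains or closely resembles it, else 'unrelated'."""
    reg = registered_domain(host)
    if reg == TRUSTED_DOMAIN:
        return "trusted"
    # booking.com used as a subdomain of an attacker-controlled name
    if host.lower().startswith(TRUSTED_DOMAIN + "."):
        return "lookalike"
    # 'booking-com', 'bookingcom' and similar embedded in the registered domain
    if TRUSTED_DOMAIN.replace(".", "") in reg.replace("-", "").replace(".", ""):
        return "lookalike"
    if levenshtein(reg, TRUSTED_DOMAIN) <= 2:
        return "lookalike"
    return "unrelated"


URGENCY = re.compile(r"\b(within \d+ hours|immediately|suspended|will be cancell?ed)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def analyze_message(raw):
    """Return a list of (kind, detail) findings for a raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender: does the display name claim booking.com while the address does not?
    display_name, addr = parseaddr(str(msg["From"]))
    sender_host = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    sender_class = classify_host(sender_host)
    if sender_class != "trusted" and "booking" in display_name.lower():
        findings.append(("sender-mismatch",
                         f"display name '{display_name}' but sender domain "
                         f"'{sender_host}' is {sender_class}"))

    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""

    # 2. Urgency: the pressure phrases the article warns about.
    m = URGENCY.search(body)
    if m:
        findings.append(("urgency", f"pressure phrase: '{m.group(0)}'"))

    # 3. Links: classify the real host behind every URL in the body.
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        cls = classify_host(host)
        if cls != "trusted":
            findings.append(("suspicious-link", f"{url} -> {cls} host {host}"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyze_message(SAMPLE_EMAIL):
        print(f"[{kind}] {detail}")
```

On the sample message the script reports the spoofed display name, the "within 24 hours" pressure phrase, and both links as pointing at lookalike or unrelated hosts; a message from `admin.booking.com` linking only to `booking.com` pages yields no findings. The lookalike heuristics are deliberately generous (any name containing or within two edits of booking.com) because the cost of a false positive in triage is a manual look at the URL, which is exactly what the article recommends anyway.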