Hotels, and other similar businesses in the hospitality industry, are being targeted by an advanced, highly convincing, phishing campaign. The goal of the attacks is to harvest usernames, passwords, and potentially multi-factor authentication tokens (MFA) from two hospitality-centric platforms: Expedia Partner Central, and Cloudbeds.
This is according to Mimecast’s Threat Research Team, and researchers Samantha Clarke and Ankit Gupta. The team discovered an ongoing campaign distributing “urgent, business-critical subject lines designed to prompt immediate action from hotel managers and staff.”
Usually, the email messages discuss common tracking alerts, system updates, guest booking confirmations, and partner central notifications. These are regular topics in the hospitality industry, and are generally time-sensitive. Hotels that fail to address these messages on time usually end up losing revenue.
This means that, whoever is behind this campaign, has “sophisticated understanding of hospitality workflows,” the researchers further explained. The links in the emails then redirect the victims towards malicious landing pages, designed to look identical to login pages of Expedia and Cloudbeds.
This is where the attackers capture login credentials and, potentially, 2FA codes. All of the landing pages were hosted on Vercel, they added.
By Sead Fadilpašić