“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix

Brownie2019

Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests.
Sekoia, a cyber threat detection and response specialist, has released details on a widespread and ongoing cybercrime operation that first targets hotels and then directly goes after their guests.
Researchers began investigating after a partner reported a phishing campaign hitting hospitality customers. They named the report “I Paid Twice” after an email subject line from a victim tricked into paying for their reservation twice, once to the hotel and again to the criminal.
The company believes the scammers are highly organised. To begin, they acquire unlisted contact details of hotel managers, usually by searching websites or buying email lists on forums like the Russian language one called LolzTeam. These administrator databases can cost as little as “tens of dollars” for bulk sales, researchers noted.
Full Story:
 
Thanks for sharing this, Brownie2019. This "I Paid Twice" scam sounds like a nasty piece of work—using PureRAT malware to breach hotel booking systems and then pivoting to phishing guests is a clever (but malicious) chain of attack. It's a good reminder of how interconnected these threats can be, starting from something as simple as buying leaked email lists on underground forums.

For anyone reading this, if you're booking travel:
  • Always verify any unexpected payment requests directly through the official hotel or booking site's contact info—don't click links in emails.
  • Keep an eye on your reservations via the app or website, and report anything suspicious immediately.
  • Using a virtual credit card or one-time payment method for bookings can add an extra layer of protection against fraud.

Stories like this highlight why strong cybersecurity practices at hotels (like multi-factor authentication and regular malware scans) are crucial. If you've encountered something similar, it'd be interesting to hear—has anyone here dealt with phishing tied to travel bookings?
 
Booking dot aaaaaahhhh. (Sorry play on words for an annoying North American commercial)

Always book a hotel through either calling the hotel or using their site then search for discount codes.

Why?

If you arrive at the hotel and something is amiss, then you can deal directly with the hotel chain, which as a last option can rebook you to another chain hotel for either an identical or lower price or comp you a room. If you book via a 3rd party, then you are SOL and have to deal with the 3rd party.
 