12.12.2023 - Phishing attack on hotels

12.12.2023 - Cybercriminals have stolen hotels’ access data to booking platforms such as booking.com and are trying to defraud hotel guests.

Via the DataBreach reporting portal, the FDPIC is receiving a number of reports of data security breaches at hotels and accommodation providers that report phishing attacks via email from booking.com to their hotel guests. According to initial findings, a cyberattack (malware) may have been carried out on the (reception and administration) computers used by the hotels concerned. The attackers may have used the infected computers to steal access data and passwords for online booking platforms (channel managers). They can now use these to send phishing emails to hotel guests via booking.com in the name of the hotel.

Further information and measures for hotels and hotel guests can be found on the website of the National Cyber Security Centre (NCSC) at the following link: