A significant phishing operation has been revealed, focusing on travelers with over 4,300 fraudulent domains designed to impersonate trusted travel brands like Airbnb and Booking.com. This sophisticated campaign utilizes fake booking confirmation emails to trick victims into revealing sensitive payment information under the guise of urgent hotel reservations that purportedly need immediate confirmation to avoid cancellation.
Security researchers, notably from Netcraft, have traced the origins of this phishing campaign to Russian-speaking attackers, with the operation reportedly beginning in February 2025. The attackers cleverly ensure the authenticity of their emails with familiar logos and designs, alongside a complex redirection mechanism that masks the actual phishing site’s URL. A notable increase in fraudulent domain registrations occurred on March 20, 2025, when 511 domains were recorded in a single day, emphasizing the rapid escalation of this threat.
The phishing pages employ multiple deceptive tactics, including the use of a fake CAPTCHA to instill false confidence in victims. With real-time polling to send user keystrokes back to the attacker’s server, the sophistication of this operation poses a significant risk to unsuspecting travelers, necessitating heightened awareness and vigilance against such scams.
👉 Pročitaj original: Cyber Security News
