Threat actors have registered over 4,300 domain names since the beginning of the year to create sophisticated phishing pages as part of an ongoing, massive phishing campaign. The registered domain names contain the impersonated business name and keywords (such as confirmation, booking, guestverify, guestcheck, cardverify, or reservation), followed by random numbers. Threat actors target potential travelers with malicious spam linked through the Want Your Feedback service, prompting them to click the link to visit the hotel’s website and confirm the reservation using a credit card. If clicked, the target is redirected through various websites before landing on a customized phishing page, which features logos from major online travel industry brands, such as Airbnb and Booking.com. Other customizations include translations into one of 43 languages, a fake CAPTCHA box, and a fraudulent online help chat.
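The naming pattern described above can be turned into a hunting heuristic for proxy or DNS logs. The following is an added example, not code from the original report. It assumes that "followed by random numbers" means the label ends in two or more digits, that logs carry the hostname in the third whitespace-separated field, and that the defender supplies their own list of business names; the names `grandhotel` and `seaviewinn`, the log lines and the `.example` domains are constructed.

```python
import re

# Keywords quoted in the write-up above.
KEYWORDS = ("confirmation", "booking", "guestverify", "guestcheck",
            "cardverify", "reservation")
# Assumption: "followed by random numbers" = label ends in 2+ digits.
TRAILING_DIGITS = re.compile(r"\d{2,}$")
# Hypothetical business names to protect (constructed for this example).
BRANDS = ("grandhotel", "seaviewinn")

# Constructed log lines: timestamp, client IP, requested hostname.
SAMPLE_LOG = """\
2025-01-01T10:00:01Z 10.0.0.5 grandhotel-guestverify48213.example
2025-01-01T10:00:02Z 10.0.0.7 www.booking.com
2025-01-01T10:00:03Z 10.0.0.9 reservation-seaviewinn7731.example
2025-01-01T10:00:04Z 10.0.0.9 reservation2024.example
"""


def suspicious_label(hostname, brands):
    """Return (brand, keyword) if any label fits the pattern, else None."""
    for label in hostname.lower().rstrip(".").split(".")[:-1]:  # skip TLD
        if not TRAILING_DIGITS.search(label):
            continue
        stem = re.sub(r"[^a-z]", "", label)  # drop digits and hyphens
        keyword = next((k for k in KEYWORDS if k in stem), None)
        if keyword is None:
            continue
        # Remove the keyword first so a brand that is also a keyword
        # (e.g. "booking") is not matched against the same text twice.
        rest = stem.replace(keyword, "", 1)
        brand = next((b for b in brands if b in rest), None)
        if brand:
            return brand, keyword
    return None


def scan(log_text, brands):
    """Return (hostname, brand, keyword) for each matching log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        match = suspicious_label(fields[2], brands)
        if match:
            hits.append((fields[2], *match))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, BRANDS):
        print(hit)
```

Requiring a business name alongside the keyword keeps generic hostnames such as `reservation2024.example` out of the results; treat matches as leads for review, not as verdicts.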