• Other

    Hackers are abusing hotel booking notifications to steal credentials in a new phishing campaign

    AnyFans Posted on

    By Sead Fadilpašić

    Copyright techradar

    Hackers are abusing hotel booking notifications to steal credentials in a new phishing campaign

    Skip to main content

    Tech Radar Pro

    Tech Radar Gaming

    Close main menu

    the business technology experts

    België (Nederlands)

    Deutschland

    North America

    US (English)

    Australasia

    New Zealand

    View Profile

    Search TechRadar

    Expert Insights

    Website builders

    Web hosting

    Best web hosting
    Best office chairs
    Best website builder
    Best antivirus
    Expert Insights

    Don’t miss these

    Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

    Booking.com phishing scam uses secret characters to trick victims – last-minute holiday hunters beware

    Hackers are using fake Zoom or Microsoft Teams invites to spy on all your workplace activity

    UK immigration system targeted by hackers – dangerous new phishing campaign hits Sponsorship Management System

    Holidaymakers under threat from devious new cyber threat – here’s how to stay safe

    Hackers are also going back to school – major campaign hijacks Google Classroom to hit targets

    Your employee logins are more valuable to criminals than ever – here’s how to keep them protected

    Hackers are stealing Microsoft 365 accounts by abusing link-wrapping services

    Hook, line and sinker: how to detect and protect your business from phishing attacks

    Massive leak of over 115 million US payment cards caused by Chinese “smishing” hackers – find out if you’re affected

    Plane tickets are getting more expensive, and AI bots may well be the reason why — here’s what you need to know

    Malicious URLs and phishing scams remain a constant threat for businesses – here’s what can be done

    Experts warn this top GenAI tool is being used to build phishing websites

    Amazon says it stopped Russian hackers targeting Microsoft logins as Cozy Bear strikes again

    That email from finance with your name in the subject line? It might just be a trap – here’s what researchers found about malware delivery

    Hackers are abusing hotel booking notifications to steal credentials in a new phishing campaign

    Sead Fadilpašić

    9 September 2025

    Newly discovered campaign targets hotels and other hospitality businesses

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

    (Image credit: Getty Images)

    Phishing campaign targets hotel staff using fake Expedia and Cloudbeds login pages
    Attackers show deep knowledge of hospitality workflows to boost credibility
    Hospitality businesses are prime targets due to constant handling of sensitive guest data

    Hotels, and other similar businesses in the hospitality industry, are being targeted by an advanced, highly convincing, phishing campaign.

    The goal of the attacks is to harvest usernames, passwords, and potentially multi-factor authentication tokens (MFA) from two hospitality-centric platforms: Expedia Partner Central, and Cloudbeds.
    This is according to Mimecast’s Threat Research Team, and researchers Samantha Clarke and Ankit Gupta. The team discovered an ongoing campaign distributing “urgent, business-critical subject lines designed to prompt immediate action from hotel managers and staff.”

    You may like

    Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

    Booking.com phishing scam uses secret characters to trick victims – last-minute holiday hunters beware

    Hackers are using fake Zoom or Microsoft Teams invites to spy on all your workplace activity

    Sophisticated understanding of hospitality workflows
    Usually, the email messages discuss common tracking alerts, system updates, guest booking confirmations, and partner central notifications. These are regular topics in the hospitality industry, and are generally time-sensitive. Hotels that fail to address these messages on time usually end up losing revenue.

    This means that, whoever is behind this campaign, has “sophisticated understanding of hospitality workflows,” the researchers further explained. The links in the emails then redirect the victims towards malicious landing pages, designed to look identical to login pages of Expedia and Cloudbeds.
    This is where the attackers capture login credentials and, potentially, 2FA codes. All of the landing pages were hosted on Vercel, they added.
    Sensitive data, such as email addresses, Social Security Numbers, passport and government ID numbers, dates of birth, postal addresses, and similar, are quite valuable to cybercriminals.

    Are you a pro? Subscribe to our newsletter
    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
    Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
    They allow them to launch phishing attacks that can give them access to important services, bank accounts, and more. Businesses in the hospitality industry, on the other hand, generate this type of data constantly, making them a prime target for campaigns such as this one.
    Less than a month ago, a cybercriminal managed to break into the booking system used by numerous hotels in Italy and steal highly sensitive information on thousands of guests. Before that, high-profile hotel chains, including Marriott and Hilton, all had sensitive customer data leak as part of a supply-chain attack against a partner.
    You might also like

    Microsoft warns about a new phishing campaign impersonating Booking.com
    Take a look at our guide to the best authenticator app
    We’ve rounded up the best password managers

    Sead Fadilpašić

    Social Links Navigation

    Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

    You must confirm your public display name before commenting

    Please logout and then login again, you will then be prompted to enter your display name.

    Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

    Booking.com phishing scam uses secret characters to trick victims – last-minute holiday hunters beware

    Hackers are using fake Zoom or Microsoft Teams invites to spy on all your workplace activity

    UK immigration system targeted by hackers – dangerous new phishing campaign hits Sponsorship Management System

    Holidaymakers under threat from devious new cyber threat – here’s how to stay safe

    Hackers are also going back to school – major campaign hijacks Google Classroom to hit targets

    Latest in Security

    Compromised files replace npm packages with a combined 2 billion weekly downloads

    UK policing watchdog finds National Crime Agency heavily reliant on weak legacy systems

    All Plex users should reset passwords in wake of data breach

    GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign

    Insider breaches are a bigger security threat than ever before – here’s how your business can stay safe

    This creepy spyware watches you through your webcam and snaps incriminating photos

    Latest in News

    BREAKING: iPhone 17 Pro revealed – here’s what you need to know

    BREAKING: Everything you need to know about the iPhone Air

    BREAKING: Here’s what you need to know about the iPhone 17

    Apple Watch Ultra 3, Series 11, SE 3, AirPods Pro 3 – all the fitness wearables launched during Apple’s mammoth September event

    New Avengers: Doomsday image revealed by the Russo brothers, and Marvel fans are scrambling to work out what it means

    Apple event 2025 live as it happened – all the iPhone Air, Apple Watch Ultra 3, AirPods 3 and iPhone 17 Pro news direct from Cupertino

    LATEST ARTICLES

    I’m a deals expert – here are the best AirPods Pro 3 deals to preorder today

    AirPods Pro 3 vs AirPods Pro 2: here’s how Apple’s new earbuds compare to the current model

    AirPods Pro 3 vs AirPods 4 – the 6 key differences to help you decide which looks the better buy

    Apple Watch Ultra 3 preorders – all the best deals on Apple’s most advanced wearable

    Apple Watch Series 11 vs Apple Watch Series 10: Is it worth upgrading straight away?

    TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

    Contact Future’s experts

    Terms and conditions

    Privacy policy

    Cookies policy

    Advertise with us

    Web notifications

    Accessibility Statement

    Future US, Inc. Full 7th Floor, 130 West 42nd Street,

    Please login or signup to comment

    Please wait…

    You Might Also Like