Hoteliers and their clients are the target of cyberattacks directed at their interface with the Booking.com reservation platform, warns the union of hospitality entrepreneurs, GNI, which invites victim professionals to disconnect from the site, notify their clients and present a complaint.
Since the end of December, cybercriminals have taken control of the interface of certain professionals with Booking.com, using targeted phishing techniques and have sought to extort the payment details of Internet users who have used the platform, alerts the GNI in an email email to its members.
These messages invite hoteliers to click on a link that contains a file that infects their PCs with viruses that hijack passwords that allow hackers to modify the “branding, (the) contact details, rooms and prices” of the establishments. .
fraudulent site
Hackers also impersonate the hotel to its customers, contacting them via Booking.com or WhatsApp messages, inviting them to click on a link and provide their bank details.
“We don’t know where the security breach came from, if it came from the hoteliers or from Booking, but the cybercriminal managed to get into the hotelier’s messaging system and retrieve the information,” Véronique Martin, director of the Europe and digital of the GNI. .
Dozens of hotels attacked
For Gérôme Billois, Wavestone’s cybersecurity expert, “hacking of this type on platforms is extremely common”, with an “increase in quality” of these: “hackers manage to obtain pass identifiers and passwords using scenarios very well facts”.
It asks the platforms to “establish procedures to react very quickly” in the event of a cyberattack.
“The hoteliers must present a complaint and the clients too, which will make it possible to assess the scope of these attacks,” he said, adding that he had “identified a dozen Parisian hoteliers attacked” by them. “But this is certainly just the tip of the iceberg. We must prevent it from spreading throughout France, or even Europe,” Ms Martin said.
Booking refutes any defect
Parisian hotelier Fabienne Ardouin, who manages the France Albion and Helussi hotels, identified “23 cases of fishing with clients, five of whom clicked on the link and gave their credit card information to the hackers,” she told the AFP.
“I immediately cut my connection to the site: I no longer have rooms for sale on Booking.com, I’ve been losing billing for a week,” says the hotelier who chairs the GNI Digital Commission.
Alerted, the platform remained silent, continuing: “My account manager just told me they were still looking.” The GNI seized the cybermalveillance.gouv.fr platform and alerted the Fraud Repression and the Cnil about “Booking.com’s lack of support in this security breach”.
Asked by AFP, the platform affirms that “the security breach does not come from Booking.com” and ensures that “the accounts involved were quickly blocked”, and that “potentially involved travelers had been informed”.
Source: BFM TV
