| NJCCIC: Beware of Holiday Travel Scams Threat actors continue their attempts to trick users making hotel reservations and other travel arrangements by impersonating major brands. In one large-scale phishing campaign, they target potential travelers using malicious spam linked through the Want Your Feedback service, which prompts them to click the link to visit a hotel’s website and confirm their reservation using a credit card. If clicked, the target is redirected through various websites before landing on a customized phishing page featuring logos from companies such as Airbnb and Booking.com. In another scheme, threat actors use compromised email accounts to send customer service-themed requests to hotel reservation email addresses. These emails contain a malicious link and employ the ClickFix social engineering tactic to compromise booking platforms, such as Expedia, with infostealer malware that captures account credentials. The NJCCIC advises users to scrutinize messages containing urgent language or confirmation of updates, changes, or requests. Additionally, type official website URLs into browsers manually and only submit personal or financial information on official websites. For more information, view the NJCCIC’s latest alerts and advisories. |