Phishing attacks in the hospitality industry: new research from Akamai

Recent research conducted by Akamai Technologies Inc. has highlighted an increase in the level of sophistication of phishing attacks targeting hospitality industry websites. Starting as early as June 2023, these attacks focused on using exploits of Domain Name System (DNS) protocols, which are the foundation of numerous online services and are a common target for hackers.

Double target for attacks in the hospitality sector

Choosing the hospitality sector as a target means that many attacks take on a dual nature: initially, phishing baits are launched aimed at staff, such as a series of online booking requests. Next, the attackers send follow-up emails that contain malware-infected links or photographs that embed programs to steal data from the operators.

Damage to reservations and information traffic

In this particular case, the attackers also targeted individual customers using online services, further compromising their accounts with emails containing malware. One of their tricks was to replicate hotel booking pages as part of the phishing campaign, with the aim of stealing potential guests' credit card details. The attackers even used an online chat window to make their fake pages look more realistic.

Analysis of domains used by attackers

Akamai researchers were able to examine DNS telemetry data thanks to the company's global presence and its customers' willingness to share anonymized network logs. Akamai stores domain name statistics with times and other information useful for identifying IP address patterns associated with particular domain names. These domains have been grouped and divided into clusters, many of which feature typosquatting techniques, such as combosquatting, which adds the subdomain "reservation" and other common words to the main domain to make them more credible and escape rapid inspection by less users. be careful.