Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data
These articles are AI-generated summaries. Please check the original sources for full details.
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests’ Payment Data
Russian hackers created 4,300 fake travel sites in 2025 to steal hotel guests’ payment data using real brand logos. The campaign, attributed to a Russian-speaking threat group, leveraged 4,344 domains with brand names like “Booking” and “Airbnb” to mimic legitimate platforms.
Why This Matters
Phishing has evolved into a systematized, automated threat via Phishing-as-a-Service (PhaaS), enabling low-skill actors to execute large-scale attacks. The 4,300 domains highlight the scale of this threat, with stolen card data and credentials posing risks to both individuals and organizations. Traditional security models assume user vigilance, but attackers now use pre-built kits with CAPTCHA evasion, pre-filled data, and Telegram exfiltration, making detection harder and financial losses more predictable.
Key Insights
- “4,300 fake domains registered in 2025, per Netcraft”: https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html
- “Phishing kits mimic Cloudflare CAPTCHA and use brand logos for legitimacy”: https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html
- “Phishing-as-a-Service (PhaaS) enables non-technical actors to steal credentials at scale”: https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html
Practical Applications
- Use Case: Hospitality industry targeted via fake booking sites with pre-filled guest data
- Pitfall: Relying on generic phishing templates without domain-specific customization reduces success rates
References:
- https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html
- https://www.netcraft.com
- https://www.sekoia.io
- https://cyble.com
- https://group-ib.com
Continue reading
Next article
ThreatLocker's DAC for macOS: Enhancing Security Through Configuration Scanning
Related Content
Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions
Proofpoint identifies UNK_SmudgedSerpent, an Iranian-linked group using fake Microsoft Teams apps to phish U.S. policy experts during heightened Iran-Israel tensions, with attacks spanning June–August 2025.
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
Cybercriminals exploit fake Booking.com pages and PureRAT malware to steal hotel credentials, active since April 2025.
Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform
Google sues China-based hackers behind the $1B Lighthouse PhaaS scam affecting 1 million users globally.