Tag Archive for: fraudsters

Fraudsters attack Booking.com customers after hacking hotels


Fraudsters, Booking.com, customers, hacking hotels
Image Source : FILE Fraudsters attack Booking.com customers after hacking hotels

This year, we witnessed larger cybercrime cases which upscaled across the world. Recently, cybersecurity researchers have warned people about a new scam that was targeting Booking.com customers. The hackers are posting advertisements on the Dark Web and asking for help in finding victims. This time, the hackers are targeting accommodation that has been listed on the platform to imitate the staff members.

How are hackers operating now?

At present, the scam is being investigated by the cyber-security firm named Secureworks, which is involved in the deployment of the Vidar infostealer to steal a hotel’s Booking.com credentials.

Access to the Booking.com management portal will enable the threat to see the upcoming bookings and will directly message the guests, as per Secureworks- the cybersecurity firm.

Although the portal of Booking.com has not been hacked, the hackers have come up with several ways to get into the administration portals of individual hotels which use the service.

Hackers are compensating this time

Hackers are offering USD 30 to USD 2,000 per valid log with additional incentives for regular suppliers.

As per the reports, hackers will be making so much money in their attacks that they are now offering to pay thousands of dollars to the criminals who share access to the hotel’s portal.

The spokesperson of Booking.com stated that they are aware that some of its accommodation partners are being targeted by the hackers by “using a host of known cyber-fraud tactics”, the BBC report states.

Secureworks incident responders have noted further that the threat actor has initiated contact by emailing a member of the hotel’s operations staff.

The security team noted, “The sender claimed to be a former guest who had lost an identification document (ID), and they requested the recipient’s assistance in finding it. The email did not include an attachment or malicious links, and it was likely intended to gain the recipient’s…

Source…

Hackers, Fraudsters and Thieves: Understanding Cybersecurity in the Gaming Industry


The gaming sector is under siege. The number of gaming-related cyber-attacks is growing at an alarming rate, and the online boom of the early 2000s brought hackers to the gate. In two decades, an industry worth tens of billions was transformed into one worth hundreds of billions in revenue – $221.4bn in 2023. Unsurprisingly, this growth and the opportunities it provides cyber-criminals did not go unnoticed. With such a lucrative target, hackers have long plagued the sector.

Moreover, the popularity of gaming has also been steadily increasing for years, with the total number of gamers soon to reach 3.32 billion in 2024. An increase in gamers has led to an abundance of targetable accounts storing all sorts of sensitive data. However, cyber-criminals aren’t just after gamers’ passwords and card details.

In-game digital assets, either through trickery or brute force, can be stolen or fabricated. Just last year, the most expensive CS:GO inventory, worth £2m, was stolen by hackers. And finally, let us not forget the bad actors who hack simply to gain a personal advantage over their fellow players.

What Impact Does This Have on the Gaming Industry?

From a developer or publisher standpoint, gaming-related cybercrime is detrimental to business. The inability to provide a safe and secure experience for players erodes consumer trust, undermines in-game economies and ultimately decreases game and microtransaction sales.

Just look at the bad PR that Fortnite has received recently. Admittedly, in this instance, a gaming behemoth like Epic Games will keep chugging along. But for smaller, less developed titles, such attacks can cause significant reputational damage. Consistently poor security practices will lead to diminishing player bases, either due to players giving up on the game or simply being unable to log in and play. For example, The Division is a game which experienced a player exodus largely due to rampant hacking. Despite the title’s financial success on release, The Division soon became known for its glitches, exploits and hacks that undermined the game’s long-term future. 

The most successful games are those that can maintain loyal player…

Source…

Fraudsters use ‘fake emergency data requests’ to steal info • The Register


In Brief Cybercriminals have used fake emergency data requests (EDRs) to steal sensitive customer data from service providers and social media firms. At least one report suggests Apple, and Facebook’s parent company Meta, were victims of this fraud.

Both Apple and Meta handed over users’ addresses, phone numbers, and IP addresses in mid-2021 after being duped by these emergency requests, according to Bloomberg.

EDRs, as the name suggests, are used by law enforcement agencies to obtain information from phone companies and technology service providers about particular customers, without needing a warrant or subpoena. But they are only to be used in very serious, life-or-death situations. 

As infosec journalist Brian Krebs first reported, some miscreants are using stolen police email accounts to send fake EDR requests to companies to obtain netizens’ info. There’s really no quick way for the service provider to know if the EDR request is legitimate, and once they receive an EDR they are under the gun to turn over the requested customer info. 

“In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR — and potentially having someone’s blood on their hands — or possibly leaking a customer record to the wrong person,” Krebs wrote.

Large internet and other service providers have entire departments that review these requests and do what they can to get the police emergency data requested as quickly as possible, Mark Rasch, a former prosecutor with the US Department of Justice, told Krebs. 

“But there’s no real mechanism defined by most internet service providers or tech companies to test the validity of a search warrant or subpoena” Rasch said. “And so as long as it looks right, they’ll comply.”

Days after Krebs and Bloomberg published the articles, Sen Ron…

Source…