Hackers Mimic Hotel Software in Ad Scam to Steal Logins

A targeted phishing campaign launched in August 2025 is exploiting malicious search engine ads to breach hotel management systems. Hackers mimic hotel software by typosquatting well-known platforms like SiteMinder and RoomRaccoon. These fake ads appear above legitimate search results, tricking hoteliers and vacation rental operators into clicking fraudulent links.

Once clicked, users land on cloned login pages designed to capture usernames, passwords, and one-time passcodes. The phishing sites replicate real platforms and implement social engineering techniques to bypass multi-factor authentication. Hackers mimic hotel software again by building fake portals that accept various MFA methods, increasing the chance of account compromise.

Okta Security analysts linked the attack to Russian-speaking threat actors after detecting beaconing scripts and Cyrillic error messages. The phishing pages exfiltrate data every 10 seconds, enabling real-time monitoring of victim activity and credentials.

Read the full report at: https://cybersecuritynews.com/new-large-scale-phishing-attacks-targets-hotelier/