Malicious actors are impersonating popular booking platforms such as Booking.com and Expedia, sending emails with subjects like "Booking Confirmation," "Customer Complaint," "Payment Update," and "Booking Cancellation."
These emails are designed to look legitimate and contain links or Excel files disguised as invoices or booking information that carry viruses, Vietnamese cybersecurity company Bkav warned in a newly released statement.
Real and fake emails are difficult to tell apart, so users easily let their guard down. Clicking a link or opening an attachment will activate the malicious code. From there, hackers can take control of devices, steal customer data, leading to leaks of personal information, or install additional spyware to penetrate deeper into the system.
"A global cyberattack campaign named ClickFix is targeting Vietnam, specifically hotels, homestays, resorts, and accommodation facilities," Bkav warned.
According to research by Bkav experts, the ClickFix attack campaign utilizes PureRAT, a form of Remote Access Trojan (RAT) designed to monitor user activity, steal passwords, expand the scope of internal attacks, and remain undetected for extended periods.
More worryingly, ClickFix shows signs of operating under an "Attack-as-a-Service" model, meaning hackers can purchase ready-made tools and launch attacks without requiring sophisticated technical skills.
Vietnam has tens of thousands of accommodation facilities listed on popular booking platforms such as Booking.com, Agoda, Traveloka, and Airbnb. This group is particularly vulnerable because reception staff and booking departments often lack formal cybersecurity training, making them easily deceived by nearly identical fake booking emails.