Cybersafetyconnections November 17, 2025 vol# 244 

  • Thehackernews.com reported a mass phishing campaign linked to a Russian-speaking threat actor. 
  • The cyberattack is targeted at hotel guests who may have a travel reservation. 
  • This was reported as a very sophisticated phishing scam. Well, it is not “if” but “when” there will be a cyberattack. 
  • Though the identities of the threat actors are unknown, the use of Russian for source code comments and debugger output may be a dead giveaway. 
  • Here is how impacted companies and travelers can mitigate loss from the cyberattack. 

What happened? 

Why It Is Important 

Thehackernews.com reported a mass phishing campaign linked to a Russian-speaking threat actor. 

This phishing campaign has been traced to the beginning of 2025 and involved the registration of more than 4,300 domains used to target hotel guests who have reservations with spam emails. 

Of the 4,344 domains linked to the attack, 685 had the words Booking, Expedia, Agoda or Airbnb in them, imitating all popular booking and rental websites. 

The victims are presented with a link to click and confirm their reservations. If they fall for the trick, they will be redirected to a fake site that mimics the original site, complete with their logos. The cookies copy the initial site information and repeat it on subsequent visits. 

The sites allowed victims to make payments in 43 languages, casting a wide net for victims. Victims are instructed to pay a deposit and are only allowed to proceed with a particular code.  

The code in the URL only needs to be changed for a different hotel to come up on the same booking platform. The site even has a CAPTCHA made to look like a Cloudflare feature to give it legitimacy. 

When a visitor enters their credit card number, expiration date and CVV, a confirmation page comes up along with a Support chat asking visitors to confirm using 3D verification to protect against fake booking. 

Who was impacted? 

The cyberattack is targeted at hotel guests who may have a travel reservation. 

Why did it happen? 

As mentioned, this was a very sophisticated phishing scam, and so it is not “if” but “when” a cyberattack happens. If possible, it is much better to prevent a cyberattack than to detect and investigate one.

Which cybercriminal claimed responsibility for the cyberattack? 

Though the identities of the threat actors are unknown, the use of Russian for source code comments and debugger output may be a dead giveaway. 

How did travelers/Booking Sites mitigate against loss from the cyberattack? 

The stories did not provide information about mitigating loss. 

From Copilot, here is how to mitigate loss from the cyberattack. 

To mitigate losses from the Russian hackers’ travel scam, travelers and organizations should focus on verification, payment security, and proactive monitoring. The key is to avoid entering sensitive data on fraudulent sites and to strengthen defenses against phishing. 

🛡️ Practical Steps for Travelers 

  • Book directly through official platforms  

Always type the URL manually or use the official app for Booking.com, Airbnb, Expedia, or Agoda. Avoid clicking links in unsolicited emails. (The Hacker News, cyberwarzone.com)

  • Check for HTTPS and domain spelling  

Fraudulent sites often mimic legitimate ones but may have subtle misspellings or unusual domain endings (e.g., .info, .xyz). Look for HTTPS and verify the exact domain. (GBHackers)

  • Beware of urgent reservation emails  

The scam often pressures victims with “confirm within 24 hours” messages. Legitimate platforms rarely demand immediate action with threats of cancellation. (cyberwarzone.com)

  • Use virtual or limited-use cards  

Many banks offer disposable card numbers or transaction limits. This reduces exposure if payment details are stolen. (BetterWorld Technology)

  • Enable transaction alerts  

Set up SMS/email alerts for all card activity. Quick detection allows faster reporting and chargeback requests. 

🏨 Steps for Hotels & Travel Companies 

  • Educate customers  

Send reminders about official booking channels and warn against phishing emails. Clear communication builds trust and reduces victimization. (Travel Research Online)

  • Deploy anti-phishing monitoring  

Use services that detect and take down fraudulent domains impersonating your brand. Netcraft and similar providers track malicious registrations. (The Hacker News)

  • Multi-factor authentication (MFA)  

Require MFA for customer logins to reduce account takeover risks. 

  • Incident response playbooks  

Prepare a structured plan for handling phishing-related fraud, including customer notification, law enforcement coordination, and financial recovery steps. 

🌍 Strategic Risk Mitigation 

  • Industry collaboration  

Travel platforms should share threat intelligence to identify phishing kits and malicious domains faster. (BetterWorld Technology)

  • Language-aware detection  

Since the scam operates in 43 languages, monitoring must extend beyond English to catch global variants. (BetterWorld Technology)

  • Insurance & liability planning  

Organizations should evaluate cyber insurance coverage for fraud-related losses and clarify liability in customer agreements. 

✅ Key Takeaway 

The Russian hackers’ travel scam thrives on social engineering and brand impersonation. Losses can be mitigated by verifying booking sources, limiting payment exposure, and strengthening monitoring systems. For someone like you, Karen, who values risk dashboards and playbooks, this incident is a perfect case study to design a phishing-specific resilience framework that blends customer education with technical defenses. 
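
The domain check described above (brand words such as Booking, Expedia, Agoda or Airbnb appearing in a hostname that is not the brand's own, subtle misspellings, and endings like .info or .xyz) can be automated by a brand-protection team. The following is an added example, not code from the report or from Copilot; the official-domain allowlist, the digit-swap mapping and the sample hostnames are assumptions made for illustration.

```python
"""Flag hostnames that use a travel brand's name outside that brand's own domain."""

# Brand keywords are the four named in the report. The official domains listed
# here are an assumption for this example; extend them with regional domains.
OFFICIAL = {
    "booking": {"booking.com"},
    "expedia": {"expedia.com"},
    "agoda": {"agoda.com"},
    "airbnb": {"airbnb.com"},
}
# Domain endings the advice above calls out as unusual.
UNUSUAL_TLDS = {"info", "xyz"}
# Digit-for-letter swaps used in subtle misspellings (constructed mapping).
LOOKALIKE = str.maketrans("013", "oie")


def registrable(host: str) -> str:
    """Naive registrable domain: the last two labels.
    Assumption: production code should use the Public Suffix List instead."""
    return ".".join(host.split(".")[-2:])


def classify(host: str) -> tuple[str, list[str]]:
    host = host.strip().lower().rstrip(".")
    reg = registrable(host)
    skeleton = host.translate(LOOKALIKE)  # undo digit swaps before matching
    hits = [b for b in OFFICIAL if b in skeleton]
    if not hits:
        return "unrelated", []
    if any(reg in OFFICIAL[b] for b in hits):
        return "official", []
    reasons = [f"'{b}' used outside its official domain" for b in hits]
    if any(b not in host for b in hits):
        reasons.append("digit-for-letter misspelling")
    if host.rsplit(".", 1)[-1] in UNUSUAL_TLDS:
        reasons.append("unusual domain ending")
    return "impersonation", reasons


def scan(hosts):
    """Return only the hosts that look like brand impersonation."""
    return {h: r for h in hosts for v, r in [classify(h)] if v == "impersonation"}


# Constructed sample hostnames, not taken from the campaign.
SAMPLE = ["secure.booking.com", "booking.com.guest-confirm.example",
          "ag0da-deposit.xyz", "hotel-lisbon.example"]

if __name__ == "__main__":
    for host, reasons in scan(SAMPLE).items():
        print(host, "->", "; ".join(reasons))
```

Substring matching will also flag unrelated names that happen to contain a brand word, so hits are candidates for review rather than confirmed phishing.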