Hacking manual found for scam targeting hotels and consumers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Computer security experts in Japan and Europe have begun piecing together details behind an extensive hacking scheme targeting one of the largest online hotel reservation sites in the world.

A Russian-language bulletin board was found to have played a key role in bringing together various hacking groups that targeted hotels to gain illegal access to the website.

Posing as tourists, the hackers sent emails infected with viruses to hotels and obtained the IDs and passwords used by the hotels to gain access to the site.

The hackers then posed as the hotel staff to send fake messages to tourists to steal their credit card information, which was then used in the phishing scam.

The security experts said the Russian manual explained how to go about obtaining such information from hotels and consumers. The manual provided sample emails to send to hotels and consumers.

A Spanish expert obtained a copy of the manual and agreed to talk to The Asahi Shimbun.

The manual dated March 27, 2023, contained specific instructions, such as limiting the number of hotel reservations made to 20, to reserve at hotels that have a free cancellation policy as well as to send emails to hotels.

The manual instructed that the emails be sent after a reservation is made on the site.

Email templates were included in the manual, with one asking the hotel for instructions for reaching the hotel.

The Hotel Granvia Osaka disclosed in June that it had been a victim of the phishing scam. A hotel official later said to the Asahi Shimbun that it had received an email with similar content to the one in the manual.

The Spanish expert said hacker groups mainly used two bulletin boards to exchange information in Russian. The Telegram app that allows for high anonymity was used to send the messages. He said between 10 to 30 hacking groups regularly used the bulletin board, along with a large number of individual participants.

One group calling itself the Butterfly Team reported on the bulletin board that it had succeeded in pulling off 49 scams worth a total of 14,000 euros (2.2 million yen or $15,500).

The expert also found an online site that provided advice to potential hackers. The site said it would pay up to $5,000 to anyone who provided the accounts hotels used to access the site.

The expert pointed out the hacking groups distributed the roles used in the scam, with some providing the accounts and others sending out the fake emails.

He explained that the scam spread quickly because the methods used were so elementary that anyone with access to a computer could join in the hacking. As a result, some individuals made a living through the scam, the expert said.


Tokyo-based computer security company LAC Co. also provided details about the phishing scam and confirmed the existence of the dodgy bulletin boards.

One placed a “help wanted” ad that offered a minimum monthly salary of 100,000 rubles (about 160,000 yen) for making hotel reservations and sending emails infected with viruses.

Takehiko Kogen of LAC said, “I do not recall such a massive scam targeting a platform company.”

Reservations on the site can be made at about 6.6 million hotels around the world. A major selling point of the site is the ease of registering as a user and contacting hotels. But that convenience is now under threat from hacking groups.

Kogen added that it was not easy for layman users to distinguish between genuine and fake sites. He urged consumers to check their credit card use regularly and adopt analog methods by directly calling a hotel if they receive an email from it to confirm the online correspondence is legitimate.

There were also indications that messages were sent to the bulletin boards in an attempt to target other large online reservation sites.

A manager at a hotel in the Kanto region acknowledged receiving email inquiries from individuals posing as having made reservations through other major online reservation sites.

By early December, close to 70 hotels in Japan disclosed that they had been victims of such phishing scams, but the number is expected to increase in the future.

window.fbAsyncInit = function() {
appId : ‘137119773101625’,
xfbml : true,
version : ‘v7.0’
(function(d, s, id){
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) {return;}
js = d.createElement(s); = id;
js.src = “”;
fjs.parentNode.insertBefore(js, fjs);
}(document, ‘script’, ‘facebook-jssdk’));


Click Here For The Original Story From This Source.

National Cyber Security