Find notable cyber news and cases, enriched with sources, timelines, and signals.

Russian-speaking mass phishing campaign targeting hotel guests

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

A Russian-speaking phishing operation is expanding across the hospitality industry, using 4,300+ domains to lure hotel guests into entering payment data. The campaign relies on booking-confirmation emails, fake travel-brand pages, and chain redirects to make the fraud look legitimate. The activity matters because it is built for large-scale credential and card theft rather than a single isolated lure.

Related Happenings

Paid brand-impersonation phishing kits Lucid and Lighthouse scale fake-domain operations

Threat Actor Meta
H score37 First: 01.07.2026 10:20 Last: 01.07.2026 10:20 Sources 1

About this happening: Brand-impersonation phishing has become a **paid service**, with kits like **Lucid** and **Lighthouse** scaling fake-domain operations across **316 brands** in **74 countries**, i...

FIFA World Cup 2026 pre-positioned fraud campaign

Campaign
H score30 First: 30.06.2026 14:30 Last: 30.06.2026 14:30 Sources 1

About this happening: A **pre-positioned FIFA World Cup 2026 fraud campaign** was already staged before kickoff, widening the risk of **email impersonation**, **fake apps**, and **travel-site spoofing*...

Pre-World Cup 2026 fraud surge across partner spoofing, fake sportsbook apps, and travel domains

Trend
H score31 First: 30.06.2026 14:30 Last: 30.06.2026 14:30 Sources 1

About this happening: **Pre-tournament fraud** around **FIFA World Cup 2026** intensified across **partners, sportsbook users, and travel buyers**, raising the risk of impersonation, payment diversion,...

Booking.com partner accommodation phishing campaign targeting Japan

Campaign
H score32 First: 30.06.2026 13:30 Last: 30.06.2026 13:30 Sources 1

About this happening: A **phishing campaign** is targeting **Booking.com partner accommodations in Japan** with guest-complaint and review-request lures that deliver **malicious files** for **TONResolv...

Hotel and hospitality photo-ZIP phishing campaign

Campaign
H score40 First: 26.06.2026 12:27 Last: 26.06.2026 12:27 Sources 1

About this happening: An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...

Timeline

  1. 13.11.2025 22:27 2 articles · 7mo ago

    Russian-speaking hotel guest phishing campaign disclosed

    Initial Disclosure

    A Russian-speaking mass phishing campaign is targeting hotel guests and other hospitality customers with booking-confirmation spam, fake travel-brand pages, chain redirects, and payment-stealing forms. The operation has registered more than 4,300 domains since the start of the year and began in earnest around February 2025, with impersonation centered on Booking, Expedia, Agoda, and Airbnb. The bogus sites use brand logos, a fake Cloudflare-style CAPTCHA, AD_CODE-based routing, and a staged 3D Secure verification flow to collect card details, expiration data, and CVV for attempted background transactions.

    Show sources