Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Russian-speaking mass phishing campaign targeting hotel guests

Campaign
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

A Russian-speaking phishing operation is expanding across the hospitality industry, using 4,300+ domains to lure hotel guests into entering payment data. The campaign relies on booking-confirmation emails, fake travel-brand pages, and chain redirects to make the fraud look legitimate. The activity matters because it is built for large-scale credential and card theft rather than a single isolated lure.

Related Happenings

Ghost Stadium FIFA World Cup fraud campaign

Campaign
First: 27.05.2026 14:28 Last: 27.05.2026 14:28 Sources 1

About this happening: A **Ghost Stadium** fraud campaign has registered **4,300+ FIFA lookalike domains** and is using **paid Facebook ads** to funnel **2026 FIFA World Cup** fans into phishing and tic...

Open Happening

Vercel v0.dev phishing campaign using GenAI-built lure pages

Campaign
First: 07.05.2026 11:30 Last: 07.05.2026 11:30 Sources 1

About this happening: A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...

Open Happening

AccountDumpling Google AppSheet Facebook phishing campaign

Campaign
First: 01.05.2026 21:09 Last: 01.05.2026 21:09 Sources 1

About this happening: A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...

Open Happening

TikTok for Business phishing campaign using Turnstile and reverse proxy

Campaign
First: 26.03.2026 16:09 Last: 26.03.2026 16:09 Sources 1

About this happening: A **phishing campaign** is targeting **TikTok for Business accounts** and uses **Cloudflare Turnstile** to block automated analysis before exposing a **reverse-proxy** credential-...

Open Happening

FAUX#ELEVATE phishing campaign targeting French-speaking corporate environments

Campaign
First: 24.03.2026 18:35 Last: 24.03.2026 18:35 Sources 1

About this happening: The **FAUX#ELEVATE** phishing campaign is actively targeting **French-speaking corporate environments** with **fake resume/CV lures** that deliver malware for **credential theft**...

Open Happening

Timeline

  1. 13.11.2025 22:27 2 articles · 6mo ago

    Russian-speaking hotel guest phishing campaign disclosed

    Initial Disclosure

    A Russian-speaking mass phishing campaign is targeting hotel guests and other hospitality customers with booking-confirmation spam, fake travel-brand pages, chain redirects, and payment-stealing forms. The operation has registered more than 4,300 domains since the start of the year and began in earnest around February 2025, with impersonation centered on Booking, Expedia, Agoda, and Airbnb. The bogus sites use brand logos, a fake Cloudflare-style CAPTCHA, AD_CODE-based routing, and a staged 3D Secure verification flow to collect card details, expiration data, and CVV for attempted background transactions.

    Show sources
    Open in new tab