Microsoft Uncovers Phishing Campaign Targeting Hospitality Sector

Microsoft has revealed a phishing campaign targeting the hospitality sector by impersonating the online travel agency Booking.com. This campaign, which began in December 2024, employs the social engineering technique known as ClickFix to distribute credential-stealing malware. The ultimate goal of this activity is to conduct credential theft attacks. The ClickFix technique is becoming increasingly popular and has been identified by Microsoft's threat intelligence team.