Microsoft is warning about an emerging phishing technique named ‘ClickFix’ that cleverly tricks people into installing malware. A cybercriminal group known as Storm-1865 is using this method to target hotels and travel businesses by making them think they are fixing a computer error. This new scam relies on psychological manipulation rather than just tricking someone into clicking a bad link.
A Global Campaign Impersonating Booking.com
The threat group Storm-1865 has launched a widespread campaign targeting the hospitality industry across several continents, including North America, Europe, Asia, and Oceania. These attackers are specifically impersonating the popular travel website Booking.com to gain the trust of their victims.
The phishing emails are designed to look like official communications from Booking.com. They often contain urgent subject lines related to account verification, special promotions, or customer complaints to create a sense of panic.
While Booking.com has confirmed its own systems were not breached, the company acknowledged that some of its hotel and accommodation partners have been successfully targeted by these scams. The criminals are leveraging the trusted brand name to manipulate employees into compromising their systems.
How the ‘ClickFix’ Attack Unfolds
The ClickFix method is different because it turns the victim into an active participant in the attack. Instead of just downloading a file, the user is guided through a series of steps that they believe are meant to solve a problem.
The attack follows a clear and deceptive pattern:
- An employee receives an email that appears to be a critical alert from Booking.com.
- Clicking the link in the email takes them to a professional-looking but fake webpage, which often includes a captcha to seem legitimate.
- The site then displays a fake error message and instructs the user to fix it by copying a provided command, opening the Windows Run window, and pasting it in.
- This command silently downloads malware onto the computer; the malware is designed to steal sensitive information such as financial data and login credentials.
What Makes This Phishing Tactic Different
Traditional phishing attacks often rely on a simple click. The ClickFix technique, however, adds a new layer of social engineering. It exploits the human instinct to solve problems, making the victim feel like they are taking control of the situation while they are actually being compromised.
Chet Wisniewski, a cybersecurity expert at Sophos, pointed out that this method requires a bit more technical know-how from the victim than a typical scam. He explained that someone completely unfamiliar with system commands might not complete the steps. On the other hand, a more tech-savvy individual might recognize the danger of pasting an unknown command.
This unique requirement might prevent the tactic from being adopted by all cybercriminal groups immediately, but it shows how attackers are constantly evolving their methods.
How Hotels Can Protect Themselves from This Threat
Microsoft and other security experts urge businesses, especially those in the hospitality sector, to increase their vigilance. Training employees to spot and avoid these advanced threats is a critical first step.
No legitimate company, including Booking.com, will ever ask you to copy and paste commands into your system to fix an issue. Businesses should implement the following security practices to reduce their risk:
- Verify the Sender: Always double-check the sender’s email address to ensure it is from an official domain. Look for small misspellings.
- Question Urgency: Be suspicious of any email that demands immediate action or creates a sense of panic.
- Check Links Carefully: Before clicking, hover your mouse over any link to see the actual web address it leads to.
- Restrict Privileges: Limit the ability of users to install software or run administrative commands on their computers.
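Because the ClickFix step that actually infects the machine is a command pasted into the Windows Run window, defenders can also look for evidence of it after the fact. Windows keeps the Run dialog's typed-command history in the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU. The script below is an added example, not code from Microsoft, Booking.com or the article; it parses a constructed copy of that key (the `SAMPLE_RUNMRU` dictionary and the `INDICATORS` patterns are assumptions chosen for illustration) and flags entries that match common download-and-execute patterns. In a real deployment the dictionary would be read from the key with `winreg`.

```python
import re

# Constructed sample of the Run-dialog history key
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
# Each lettered value holds one typed command followed by "\1";
# the MRUList value gives the order, most recent first.
SAMPLE_RUNMRU = {
    "MRUList": "cab",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": "powershell -w hidden -NoP -EncodedCommand <PLACEHOLDER>\\1",
}

# Indicators typical of a ClickFix-style paste: hidden PowerShell windows,
# encoded commands, and script hosts or download cmdlets fetching a URL.
INDICATORS = [
    (r"(?i)\b(powershell|pwsh)\b.*-(w|windowstyle)\s*hidden", "hidden PowerShell window"),
    (r"(?i)-(e|ec|enc|encodedcommand)\b", "encoded PowerShell command"),
    (r"(?i)\b(mshta|wscript|cscript|curl|certutil|bitsadmin)\b.*https?://", "script host fetching a URL"),
    (r"(?i)\b(iwr|invoke-webrequest|downloadstring|net\.webclient)\b", "PowerShell download cmdlet"),
    (r"(?i)\|\s*iex\b|invoke-expression", "piped to Invoke-Expression"),
]

def parse_runmru(values):
    """Return typed commands, most recent first, with the trailing '\\1' removed."""
    commands = []
    for letter in values.get("MRUList", ""):
        raw = values.get(letter)
        if raw is None:
            continue
        commands.append(raw[:-2] if raw.endswith("\\1") else raw)
    return commands

def classify(command):
    """Return the indicator labels that match one Run-dialog command."""
    return [label for pattern, label in INDICATORS if re.search(pattern, command)]

def find_suspicious(values):
    """Map each suspicious Run-dialog entry to the indicators it triggered."""
    return {cmd: hits for cmd in parse_runmru(values) if (hits := classify(cmd))}

if __name__ == "__main__":
    for cmd, hits in find_suspicious(SAMPLE_RUNMRU).items():
        print(f"SUSPICIOUS: {cmd!r} -> {', '.join(hits)}")
```

A hit here is a lead for incident response, not proof of compromise: confirm it against endpoint process logs before acting on it.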
By staying informed and practicing good security habits, businesses can build a strong defense against emerging threats like ClickFix.