March 26, 2025 By Pieter Arntz
A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown.
Here’s how it works: Cybercriminals send a fake Booking.com email to a hotel’s email address, asking them to confirm a booking.
The email is sent only a few days before the check-in-date, which is very likely to create a sense of urgency—a common tactic of scammers.
But if the hotel staff were to copy and paste the URL into the browser address bar they will be greeted by this fake CAPTCHA website.