Fake Booking.com warning leads to tons of malware

New WAF attack timelines show the start and end of a threat.
No more logs. See how →

A massive spam campaign impersonating the popular online hotel reservations agency Booking.com is underway, trying to convince recipients to download a document supposedly containing booking details (click on the screenshot to enlarge it):

The message states that the users’ credit card was rejected, and that they should “refresh” the credit card date (?).

The text of the email does contain some glaring errors, but unfortunately there are always careless users that click without thinking, and they will – instead of booking details – be saddled with a Trojan that downloads additional malware.

The only positive thing in this all is that the Trojan variant in question is detected by most of the most popular antivirus software.

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.