A Russian-speaking group has registered more than 4,300 lookalike travel domains in 2025, cloning brands like Booking.com, Expedia, Agoda, and Airbnb to trick hotel guests into “confirming” their reservations with a credit card. The scam starts with realistic booking emails that funnel victims through redirects to fake sites in 43 languages, complete with brand logos, Cloudflare-style CAPTCHAs, and a bogus 3D Secure “support chat”. At the same time, the attackers quietly process payments in the background. Investigators say the kit behind these pages is highly automated and sold as phishing-as-a-service, making it easy for low-skill criminals to run industrial-scale card-stealing campaigns that also impersonate other big names like Microsoft and FedEx.

Via TheHackerNews